Abstract

Work on the TILT compiler for Standard ML led us to study a language with singleton kinds: $S(A)$ is the
kind of all types provably equivalent to the type $A$. Singletons are interesting because they provide a very
general form of definitions for type variables and allow fine-grained control of type computations.

Internally,  TILT  represents  programs  using  a  predicative  variant  of  Girard’s  enriched  with  singleton 
kinds, dependent product and function kinds ($\Sigma$ and $\Pi$), and a sub-kinding relation. An important benefit
of  using  a  typed  language  as  the  representation  of  programs  is  that  typechecking  can  detect  many  common 
compiler  implementation  errors.  However,  the  decidability  of  typechecking  for  our  particular  representation 
is  not  obvious.  In  order  to  typecheck  a  term,  we  must  be  able  to  determine  whether  two  type  constructors 
are  provably  equivalent.  But  in  the  presence  of  singleton  kinds,  the  equivalence  of  type  constructors  depends 
both  on  the  typing  context  in  which  they  are  compared  and  on  the  kind  at  which  they  are  compared. 

In  this  paper  we  concentrate  on  the  key  issue  for  decidability  of  typechecking:  determining  the  equivalence 
of  well-formed  type  constructors.  We  show  this  problem  decidable  by  presenting  a  sound,  complete,  and 
terminating  decision  algorithm.  These  properties  are  established  by  a  novel  Kripke-style  logical  relations 
argument  inspired  by  Coquand’s  result  for  type  theory. 
No. F19628-95-C-0050.

Keywords:  singleton  kinds,  subkinding,  logical  relations,  type  theory 


1  Introduction 


1.1  Motivation 

The TIL compiler for core Standard ML [17] was structured as a series of translations between explicitly-typed
intermediate languages. Each pass of the compiler (e.g., common subexpression elimination or closure
conversion) transformed the program and its type, preserving well-typedness. One advantage of this framework
is that typechecking the intermediate representation can detect a wide variety of common compiler
implementation errors. The typing information on terms can also be used to support type-based optimizations
and efficient data representations; TIL used a type-passing interpretation of polymorphism in which
types were passed and analyzed at run-time [12]. In the future, it should be possible to use such typing
information for annotating binaries with a certification of safety [13, 14].

The  results  from  TIL  were  very  encouraging,  but  the  compiler  implementation  was  inefficient  and  could 
only  handle  complete  programs  written  without  use  of  modules.  The  Fox  Project  group  at  Carnegie  Mellon 
therefore  decided  to  completely  re-engineer  TIL  to  produce  TILT  (TIL  Two),  a  more  practical  compiler 
which  could  handle  separate  compilation  and  the  complete  SML  language. 

One  challenge  in  scaling  up  the  compiler  was  properly  handling  the  propagation  of  type  information.  For 
example,  in  the  Standard  ML  module  language  we  can  have  a  structure  Set  with  the  signature 


    sig
      type item = int
      type set
      type setpair = set * set
      val empty : set
      val insert : set * item -> set
      val member : set * item -> bool
      val union : setpair -> set
      val intersect : setpair -> set
    end


From this interface it is apparent that the module Set has three type components: the type Set.item known
to be equal to int, the type Set.set about which nothing is known, and the type Set.setpair which is the type
of pairs of Set.set's.

There are two important points to note about this example. First, equivalences such as the one between
Set.item and int are open-scope definitions available to "the rest of the program", which may not even be
written when this module is compiled. Second, because of type-passing these type components really are
computed and stored by the run-time code. Although it is possible to get rid of type definitions in signatures
by replacing all references to these components with their definitions [16], we do not wish to do so; such
substitutions could substantially increase the number of type computations performed at run-time.

The choice we made was to use a typed intermediate language based on $F_\omega$, with the following kind
structure (recall that kinds classify type constructors):


• A kind $T$ classifying ordinary types;

• Singleton kinds $S(A)$ classifying all types of kind $T$ provably equivalent to $A$;

• Dependent record kinds classifying records of type constructors and dependent function kinds classifying
functions mapping type constructors to type constructors¹;

• A sub-kinding relation induced by $S(A) \leq T$.

Modules are represented in this language using a phase-splitting interpretation [7, 16]. The main idea is
that modules can be split into a type constructor and a term, while signatures split in a parallel way into a
kind and a type. Singleton kinds are used to model definitions and type sharing specifications in module
signatures, dependent record kinds model the type parts of structure signatures, dependent function kinds
model the type parts of functor signatures, and subkinding models (non-coercive) signature matching.

¹ A record of type constructors should not be confused with a record type, which would have kind $T$. Similarly, functions of
type constructors are not function types, which would also have kind $T$.

For example, the kind corresponding to the above signature is a dependent record kind saying that there
are three type components: the first component item has kind $S(\mathtt{int})$ because its definition is known; the
second component set has kind $T$ because its definition is not known; finally the third component setpair
has kind $S(\mathtt{set} \times \mathtt{set})$, which takes advantage of the record kind being dependent.

Singletons are used to describe and control the propagation of type definitions and sharing in the compiler.
The constructor $A$ has kind $S(B)$ if and only if the constructors $A$ and $B$ are provably equivalent. Thus,
the hypothesis that the variable $\alpha$ has type $S(A)$ essentially says that $\alpha$ is a type variable with definition $A$.
This models open-scope definitions in the source language.

Furthermore, singletons provide "partial" definitions for variables. If $\alpha$ is a pair of types with kind
$S(\mathtt{int}) \times T$ this tells us that the first component of this pair, $\pi_1\alpha$, is int. However, this kind tells us
nothing about the identity of $\pi_2\alpha$. As in the above example, partial definitions allow natural modeling
of definitions in a modular system, where some components of a module have known definitions and others
remain abstract.

Interestingly, in a language with singleton kinds we can additionally express definitions with delimited scope
(closed-scope definitions). The expression $\mathtt{let}\ \alpha{:}T = \mathtt{int} \times \mathtt{int}\ \mathtt{in}\ \mathtt{id}[\alpha](3,4)\ \mathtt{end}$ does not typecheck when expressed as
a function application $(\Lambda\alpha{:}T.\mathtt{id}[\alpha](3,4))[\mathtt{int} \times \mathtt{int}]$; the application of $\mathtt{id}[\alpha]$ to a pair of integers is only
well-formed if $\alpha$ is known to be $\mathtt{int} \times \mathtt{int}$, which is not apparent while checking the abstraction. We can express
this information, however, by annotating the argument with a singleton kind to get the well-formed term
$(\Lambda\alpha{:}S(\mathtt{int} \times \mathtt{int}).\mathtt{id}[\alpha](3,4))[\mathtt{int} \times \mathtt{int}]$. Now let-bindings of types could be directly added to our calculus,
but the general ability to turn types into function arguments (particularly into new arguments of pre-existing
functions) is necessary for a low-level description of type-preserving closure-conversion in the type-passing
framework [11]. It also enables finer control of when type computations occur at run time, permitting
optimizations such as improved common subexpression elimination of types.

Given  that  we  wish  to  typecheck  our  intermediate  representation,  the  question  that  arises  is  whether 
typechecking  is  decidable.  This  question  reduces  to  the  decidability  of  equivalence  for  well-formed  type 
constructors.  This  latter  question  is  non-trivial  because  the  equivalence  of  two  constructors  can  depend  both 
on  the  singletons  (definitions)  in  the  context  and  —  less  obviously  —  on  the  kind  at  which  the  constructors 
are  being  compared.  (See  Section  2.2.)  The  common  method  of  implementing  equivalence  via  context- 
insensitive  rewrite  rules  is  thus  completely  inapplicable  for  our  calculus.  The  goal  of  this  paper  is  to  show 
that  constructor  equivalence  is  nevertheless  decidable. 

1.2  Outline 

In Section 2 we introduce the calculus (a formalization of the key features of the type constructors
and kinds of the TILT intermediate representation). We explain some of the more interesting aspects of
this  calculus,  including  the  dependency  of  equivalence  on  the  typing  context  and  the  classifying  kind.  We 
show  that  singletons  for  constructors  of  higher  kinds  are  definable,  and  show  that  every  constructor  has  a 
principal  (most-specific)  kind. 

In Section 3 we present a sound algorithm for determining equivalence of well-formed constructors. We
were inspired by Coquand's approach to $\beta\eta$-equivalence for a type theory with $\Pi$ types and one universe [3].
Coquand worked with an algorithm which directly decides equivalence, rather than using a confluent and
strongly-normalizing reduction relation. However, in contrast to Coquand's system we cannot compare
terms by their shape alone; we must take account of both the context and the classifier. Where Coquand
maintains a set of bound variables, we maintain a full typing context. Similarly, he uses shapes to guide
the algorithm where we maintain a classifying kind. (For example, when he would check whether either
constructor is a lambda-abstraction, we check whether the classifying kind is a function kind.) Although the
natural presentation of our algorithm defines a relation of the form $\Gamma \vdash A_1 \Leftrightarrow A_2 : K$, we cannot analyze
the correctness of this algorithm directly. Asymmetries in the formulation preclude a direct proof of such
simple properties as symmetry and transitivity, both of which are immediately evident in Coquand's case.
Instead we analyze a related algorithm which restores symmetry by maintaining two typing contexts and two
classifying kinds, with the form $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$.
Contexts      $\Gamma, \Delta$ ::=  $\bullet$                          Empty context
                       |  $\Gamma, \alpha{:}K$                  Context extension

Kinds         $K, L$ ::=  $T$                                Kind of types
                       |  $S(A)$                             Singleton kind
                       |  $\Pi\alpha{:}K_1.K_2$              Dependent function kind
                       |  $\Sigma\alpha{:}K_1.K_2$           Dependent product kind

Constructors  $A, B, C$ ::=  $b_i$                           Base types
                       |  $\alpha, \beta, \ldots$            Variables
                       |  $\lambda\alpha{:}K.A$              Function
                       |  $A\,A'$                            Application
                       |  $\langle A, A' \rangle$            Pair
                       |  $\pi_i A$                          Projection

Figure 1: Syntax of


Our  main  technical  result  is  the  proof  in  Section  4  that  the  algorithm  of  Section  3  is  both  complete  and 
terminating.  Our  proof  of  completeness  is  inspired  by  Coquand’s  use  of  Kripke  logical  relations,  but  our 
proof  differs  substantially  from  his.  Our  “worlds”  are  full  contexts  rather  than  sets  of  bound  variables.  More 
importantly,  we  make  use  of  a  novel  form  of  Kripke  logical  relations  in  which  we  employ  two  worlds,  rather 
than  one. 

In  Section  5  we  use  this  completeness  result  to  show  the  correctness  of  the  natural  algorithm.  This  yields 
the  practical  algorithm  used  in  the  TILT  implementation. 

Finally  we  discuss  related  work  and  conclude. 

Appendix  A  contains  the  full  set  of  rules  for  the  calculus,  and  Appendix  B  contains  a  collection  of 
important  but  standard  properties  of  the  calculus. 

2  The  calculus 

2.1  Overview 

The syntax of is shown in Figure 1. The constants $b_i$ of kind $T$ represent base types such as int. As
usual, we use the usual notation of $K_1 \times K_2$ for $\Sigma\alpha{:}K_1.K_2$ and $K_1 \to K_2$ for $\Pi\alpha{:}K_1.K_2$ when $\alpha$ is not free in
$K_2$.

There is a natural notion of size for kinds where $\mathrm{size}(T) = 1$, $\mathrm{size}(S(A)) = 2$, and $\mathrm{size}(\Pi\alpha{:}K.K') =
\mathrm{size}(\Sigma\alpha{:}K.K') = \mathrm{size}(K) + \mathrm{size}(K') + 2$. The size of a kind is preserved under substitution of terms for
variables.

The declarative rules defining the kinding and equivalence system of $\lambda^{\Pi\Sigma S}_{\leq}$ are given in Appendix A. For
the  most  part,  these  are  the  usual  rules  for  a  dependently-typed  lambda  calculus  with  equivalence.  We 
concentrate  here  on  presenting  the  less  common  rules. 

Since  we  restrict  constructors  within  singletons  to  be  types  (constructors  of  kind  T) ,  we  have  the  following 
well-formedness  rule  for  singleton  kinds: 

$$\frac{\Gamma \vdash A : T}{\Gamma \vdash S(A)}$$

However,  Section  2.3  shows  that  singletons  of  constructors  of  higher  kind  are  definable  in  this  language. 
There  are  two  introduction  rules  for  singletons: 

$$\frac{\Gamma \vdash A : T}{\Gamma \vdash A : S(A)} \qquad \frac{\Gamma \vdash A = B : T}{\Gamma \vdash A = B : S(A)}$$

and a corresponding elimination rule:

$$\frac{\Gamma \vdash A : S(B)}{\Gamma \vdash A = B : T}$$

The  calculus  includes  implicit  subsumption,  where  the  subkinding  relation  is  generated  by  the  rules 

$$\frac{\Gamma \vdash A : T}{\Gamma \vdash S(A) \leq T} \qquad \frac{\Gamma \vdash A_1 = A_2 : T}{\Gamma \vdash S(A_1) \leq S(A_2)}$$

and is lifted to subkinding at $\Pi$ and $\Sigma$ kinds with the usual co- and contravariance rules. Under this ordering,
the singleton introduction rule above allows a constructor $A$ of kind $T$ to be viewed as a constructor of the
subkind $S(A)$. Symmetrically, by subsumption any constructor of a singleton kind can be viewed as having
the superkind $T$.

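Constructor equivalence includes $\beta$ and $\eta$ rules for functions and pairs. We express the $\eta$ rules as
extensionality principles:

$$\frac{\Gamma \vdash A_1 : \Pi\alpha{:}K'.K'' \qquad \Gamma \vdash A_2 : \Pi\alpha{:}K'.K'' \qquad \Gamma, \alpha{:}K' \vdash A_1\alpha = A_2\alpha : K''}{\Gamma \vdash A_1 = A_2 : \Pi\alpha{:}K'.K''}$$

$$\frac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \qquad \Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K' \qquad \Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}K''}{\Gamma \vdash A_1 = A_2 : \Sigma\alpha{:}K'.K''}$$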

The  constructor  well-formedness  rules  may  be  seen  as  reflexive  instances  of  equivalence  rules.  For  example, 
we  have  the  following  two  non-standard  kinding  rules  corresponding  to  the  extensionality  rules: 

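$$\frac{\Gamma \vdash A : \Pi\alpha{:}K'.K_1'' \qquad \Gamma, \alpha{:}K' \vdash A\alpha : K''}{\Gamma \vdash A : \Pi\alpha{:}K'.K''}$$

$$\frac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \qquad \Gamma \vdash \pi_1 A : K' \qquad \Gamma \vdash \pi_2 A : \{\alpha \mapsto \pi_1 A\}K''}{\Gamma \vdash A : \Sigma\alpha{:}K'.K''}$$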

Similar  rules  have  previously  appeared  in  the  literature,  including  the  non-standard  structure-typing  rule 
of  Harper,  Mitchell,  and  Moggi  [7],  the  “VALUE”  rules  of  Harper  and  Lillibridge’s  translucent  sums  [6], 
the  strengthening  operation  of  Leroy’s  manifest  type  system  [8],  and  the  “self”  rule  of  Leroy’s  applicative 
functors  [9].  In  the  presence  of  singletons,  these  rules  give  constructors  more  precise  kinds  than  would 
otherwise  be  possible.  (See  Section  2.3.) 

A number of straightforward properties of the calculus, used in the following proofs, are given in
Appendix B.

2.2  Examples  of  Term  Equivalence 

As  mentioned  in  the  introduction,  singletons  in  the  context  can  act  as  definitions  and  partial  definitions  for 
variables.  So  the  provable  judgments  include: 

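$\alpha : S(b_i) \vdash \alpha = b_i : T$
$\alpha : S(b_i) \vdash \langle \alpha, b_i \rangle = \langle b_i, \alpha \rangle : T \times T$
$\alpha : T \times S(b_i) \vdash \pi_2\alpha = b_i : T$
$\alpha : \Sigma\beta{:}T.S(\beta) \vdash \pi_1\alpha = \pi_2\alpha : T$
$\alpha : \Sigma\beta{:}T.S(\beta) \vdash \alpha = \langle \pi_1\alpha, \pi_1\alpha \rangle : T \times T$.

In the last two of these equations, the assumption governing $\alpha$ gives a definition to $\pi_2\alpha$ (namely $\pi_1\alpha$) without
specifying what the two equal components actually are.

Singletons behave like terminal types, so by extensionality we can prove equivalences such as:

$\alpha : S(b_i) \to T \vdash \alpha = \lambda\beta{:}S(b_i).(\alpha\, b_i) : S(b_i) \to T$
$\alpha : T \to S(b_i) \vdash \alpha = \lambda\beta{:}T.b_i : T \to T$

Notice that in the first of these equations, the right-hand side is not simply an $\eta$-expansion of the left-hand
side.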
$S(A : T) = S(A)$
$S(A : S(B)) = S(A)$
$S(A : \Pi\alpha{:}K_1.K_2) = \Pi\alpha{:}K_1.(S(A\alpha : K_2))$
$S(A : \Sigma\alpha{:}K_1.K_2) = (S(\pi_1 A : K_1)) \times (S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}K_2))$

Figure 2: Encodings of Labelled Singletons



Because  of  subkinding,  constructors  do  not  have  unique  kinds.  The  equivalence  of  two  constructors 
depends  on  the  kind  at  which  they  are  compared;  they  may  be  equivalent  at  one  kind  but  not  at  another. 
For  example,  one  cannot  prove 

$\vdash \lambda\alpha{:}T.\alpha = \lambda\alpha{:}T.b_i : T \to T$

as the identity function and constant function have distinct behaviors. However, by subsumption these two
functions also have kind $S(b_i) \to T$ and the judgment

$\vdash \lambda\alpha{:}T.\alpha = \lambda\alpha{:}T.b_i : S(b_i) \to T$

is provable using extensionality.

The classifying kind at which constructors are compared depends on the context of their occurrence. For
example, from this last equation it follows that

$\beta : (S(b_i) \to T) \to T \vdash \beta(\lambda\alpha{:}T.\alpha) = \beta(\lambda\alpha{:}T.b_i) : T$


2.3  Labelled  Singletons 

In our calculus $S(A)$ is well-formed if and only if $A$ is of type $T$. Aspinall [1] has studied equivalence in a
lambda calculus with labelled singletons of the form $S(A : K)$.² This represents the kind of all constructors
equivalent to $A$ at kind $K$. Because equivalence depends on the classifier, the label $K$ in these labelled
singletons does matter. It follows from the examples of the previous section that $S(\lambda\alpha{:}T.b_i : \Pi\alpha{:}S(b_i).T)$
and $S(\lambda\alpha{:}T.b_i : T \to T)$ are not equivalent; only the former classifies the identity function $\lambda\alpha{:}T.\alpha$.

Our system does not contain such labelled singletons as a primitive notion because they are all definable;
Figure 2 gives an inductive definition.

For example, if $\beta$ has kind $T \to T$, then $S(\beta : T \to T)$ is defined to be $\Pi\alpha{:}T.S(\beta\alpha)$. This can be interpreted
as "the kind of all functions which, when applied, yield the same answer as $\beta$ does". The non-standard
kinding rules mentioned in Section 2.1 are vital in proving that $\beta$ has this kind.

The  following  proposition  shows  that  the  definitions  of  Figure  2  do  have  properties  analogous  to  Aspinall’s 
labelled  singletons. 

Proposition  2.1 

1. Let $\gamma$ be a substitution mapping variables to terms, extended in the obvious way to constructors and
kinds. Then $\gamma(S(A : K)) = S(\gamma A : \gamma K)$.

2. If $\Gamma \vdash A_2 : K$ and $\Gamma \vdash A_1 : S(A_2 : K)$ then $\Gamma \vdash A_1 = A_2 : K$.

3. If $\Gamma \vdash A_1 = A_2 : K$ then $\Gamma \vdash A_1 = A_2 : S(A_1 : K)$.

4. If $\Gamma \vdash A : K$ then $\Gamma \vdash S(A : K)$ and $\Gamma \vdash A : S(A : K)$.

5. If $\Gamma \vdash A : K$ then $\Gamma \vdash S(A : K) \leq K$.

6. If $\Gamma \vdash A_1 = A_2 : K_1$ and $\Gamma \vdash K_1 \leq K_2$ then $\Gamma \vdash S(A_1 : K_1) \leq S(A_2 : K_2)$.

² Aspinall's notation for our $S(A : K)$ is . Our $S(A)$ is not the same as Aspinall's unlabelled singleton $\{A\}$, but rather
would correspond to $\{A\}_T$.
Proof:

1. By induction on $K$.

2. By induction on the size of $K$.

• Case $K = T$ and $S(A_2 : K) = S(A_2)$. Then $\Gamma \vdash A_1 = A_2 : T$ by Rule 34.

• Case $K = S(B)$ and $S(A_2 : K) = S(A_2)$. Then $\Gamma \vdash A_1 = A_2 : T$ and $\Gamma \vdash A_2 = B : T$, so
$\Gamma \vdash A_1 = A_2 : S(B)$.

• Case $K = \Pi\alpha{:}K_1.K_2$ and $S(A_2 : K) = \Pi\alpha{:}K_1.S(A_2\alpha : K_2)$. Then $\Gamma, \alpha{:}K_1 \vdash A_1\alpha : S(A_2\alpha : K_2)$. By the
inductive hypothesis, $\Gamma, \alpha{:}K_1 \vdash A_1\alpha = A_2\alpha : K_2$. Therefore by Rule 30 we have
$\Gamma \vdash A_1 = A_2 : \Pi\alpha{:}K_1.K_2$.

• $K = \Sigma\alpha{:}K_1.K_2$ and $S(A_2 : K) = (S(\pi_1 A_2 : K_1)) \times (S(\pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}K_2))$. Then
$\Gamma \vdash \pi_1 A_1 : S(\pi_1 A_2 : K_1)$ and $\Gamma \vdash \pi_2 A_1 : S(\pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}K_2)$. By the inductive hypothesis,
$\Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K_1$ and $\Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}K_2$. Therefore by Rule 31 we have
$\Gamma \vdash A_1 = A_2 : \Sigma\alpha{:}K_1.K_2$.

3. By induction on the size of $K$.

• Case $K = T$ and $S(A_1 : K) = S(A_1)$, and $\Gamma \vdash A_1 = A_2 : S(A_1)$.

• Case $K = S(B)$ and $S(A_2 : K) = S(A_2)$. Straightforward.

• Case $K = \Pi\alpha{:}K'.K''$ and $S(A_1 : K) = \Pi\alpha{:}K'.S(A_1\alpha : K'')$. Then $\Gamma, \alpha{:}K' \vdash A_1\alpha = A_2\alpha : K''$. By the
inductive hypothesis, $\Gamma, \alpha{:}K' \vdash A_1\alpha = A_2\alpha : S(A_1\alpha : K'')$. Therefore by Rule 30,
$\Gamma \vdash A_1 = A_2 : \Pi\alpha{:}K'.S(A_1\alpha : K'')$.

• $K = \Sigma\alpha{:}K'.K''$ and $S(A_1 : K) = (S(\pi_1 A_1 : K')) \times (S(\pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K''))$. Then
$\Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K'$ and $\Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}K''$. By the inductive hypothesis,
$\Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : S(\pi_1 A_1 : K')$ and $\Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : S(\pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K'')$. Therefore by Rule 31
we have $\Gamma \vdash A_1 = A_2 : (S(\pi_1 A_1 : K')) \times (S(\pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K''))$.

(Note the crucial use of extensionality in the $\Pi$ and $\Sigma$ cases.)

4. By reflexivity of equivalence, Part 3, and Lemma B.1.

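5. By induction on the size of $K$.

• Case $K = T$ and $S(A : K) = S(A)$. Assume $\Gamma \vdash A : T$. By Rule 9 we have $\Gamma \vdash S(A : T) \leq T$.

• Case $K = S(B)$ and $S(A : K) = S(A)$. Assume $\Gamma \vdash A : S(B)$. Then $\Gamma \vdash A = B : T$ so $\Gamma \vdash S(A) \leq S(B)$.

• Case $K = \Pi\alpha{:}K_1.K_2$ and $S(A : K) = \Pi\alpha{:}K_1.S(A\alpha : K_2)$. Then $\Gamma \vdash K_1$ and $\Gamma, \alpha{:}K_1 \vdash A\alpha : K_2$. By the
inductive hypothesis, $\Gamma, \alpha{:}K_1 \vdash S(A\alpha : K_2) \leq K_2$. Therefore, $\Gamma \vdash \Pi\alpha{:}K_1.S(A\alpha : K_2) \leq \Pi\alpha{:}K_1.K_2$.

• Case $K = \Sigma\alpha{:}K'.K''$ and $S(A : K) = (S(\pi_1 A : K')) \times (S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}K''))$. Then $\Gamma \vdash \pi_1 A : K'$ so
by the inductive hypothesis, $\Gamma \vdash S(\pi_1 A : K') \leq K'$. Furthermore, $\Gamma \vdash \pi_2 A : \{\alpha \mapsto \pi_1 A\}K''$. By the
inductive hypothesis, $\Gamma \vdash S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}K'') \leq \{\alpha \mapsto \pi_1 A\}K''$. Also, by Lemma B.1 and Weakening,
$\Gamma, \alpha{:}S(\pi_1 A : K') \vdash K'' \leq K''$ and by Part 4 $\Gamma, \alpha{:}S(\pi_1 A : K') \vdash \alpha = \pi_1 A : K'$ so by Lemma B.11
$\Gamma, \alpha{:}S(\pi_1 A : K') \vdash \{\alpha \mapsto \pi_1 A\}K'' \leq K''$. Therefore,
$\Gamma \vdash (S(\pi_1 A : K')) \times (S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}K'')) \leq \Sigma\alpha{:}K'.K''$.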

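6. By induction on the size of $K_1$.

• Case $K_1 = T$ or $S(A_1)$ and $K_2 = T$ or $S(A_2)$. $S(A_1 : K_1) = S(A_1)$, $S(A_2 : K_2) = S(A_2)$, and the
desired conclusion follows by Rule 11.

• Case $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$. $S(A_1 : K_1) = \Pi\alpha{:}K_1'.S(A_1\alpha : K_1'')$. By inversion
$\Gamma \vdash K_2' \leq K_1'$ and $\Gamma, \alpha{:}K_2' \vdash K_1'' \leq K_2''$. Now $\Gamma, \alpha{:}K_2' \vdash A_1\alpha = A_2\alpha : K_1''$. By the inductive hypothesis,
$\Gamma, \alpha{:}K_2' \vdash S(A_1\alpha : K_1'') \leq S(A_2\alpha : K_2'')$. The conclusion follows by Rule 12.

• Case $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$. $S(A_1 : K_1) = \Sigma\alpha{:}S(\pi_1 A_1 : K_1').S(\pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K_1'')$
and $S(A_2 : K_2) = \Sigma\alpha{:}S(\pi_1 A_2 : K_2').S(\pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}K_2'')$. Now $\Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K_1'$ and
$\Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}K_1''$. By the inductive hypothesis, $\Gamma \vdash S(\pi_1 A_1 : K_1') \leq S(\pi_1 A_2 : K_2')$.
Since $\Gamma \vdash \{\alpha \mapsto \pi_1 A_1\}K_1'' \leq \{\alpha \mapsto \pi_1 A_2\}K_2''$, the inductive hypothesis applies yielding
$\Gamma \vdash S(\pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K_1'') \leq S(\pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}K_2'')$. (Here it is important that the induction is on
the size of $K_1$ and not by induction on the proof $\Gamma \vdash K_1 \leq K_2$.) The desired result follows by
Weakening and Rule 13.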
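■

$\Gamma \vdash b_i \Uparrow S(b_i)$
$\Gamma \vdash \alpha \Uparrow S(\alpha : \Gamma(\alpha))$
$\Gamma \vdash \lambda\alpha{:}K'.A \Uparrow \Pi\alpha{:}K'.K''$    where $\Gamma, \alpha{:}K' \vdash A \Uparrow K''$
$\Gamma \vdash A\,A' \Uparrow \{\alpha \mapsto A'\}K''$    where $\Gamma \vdash A \Uparrow \Pi\alpha{:}K'.K''$
$\Gamma \vdash \langle A', A'' \rangle \Uparrow K' \times K''$    where $\Gamma \vdash A' \Uparrow K'$ and $\Gamma \vdash A'' \Uparrow K''$
$\Gamma \vdash \pi_1 A \Uparrow K'$    where $\Gamma \vdash A \Uparrow \Sigma\alpha{:}K'.K''$
$\Gamma \vdash \pi_2 A \Uparrow \{\alpha \mapsto \pi_1 A\}K''$    where $\Gamma \vdash A \Uparrow \Sigma\alpha{:}K'.K''$

Figure 3: Algorithm for Principal Kind Synthesis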

It is curious to note that in our system, as in Aspinall's, $\beta$-rules become admissible in the presence of
singletons. This can be easily seen using Proposition 2.1; for example,

$$\dfrac{\dfrac{\dfrac{\dfrac{\Gamma, \alpha{:}K_2 \vdash A : K}{\Gamma, \alpha{:}K_2 \vdash A : S(A : K)}}{\Gamma \vdash \lambda\alpha{:}K_2.A : \Pi\alpha{:}K_2.S(A : K)} \qquad \Gamma \vdash A_2 : K_2}{\Gamma \vdash (\lambda\alpha{:}K_2.A)A_2 : S(\{\alpha \mapsto A_2\}A : \{\alpha \mapsto A_2\}K)}}{\Gamma \vdash (\lambda\alpha{:}K_2.A)A_2 = \{\alpha \mapsto A_2\}A : \{\alpha \mapsto A_2\}K}$$

For convenience we have chosen to formulate the system with a stronger form of the $\beta$-rules (though we
conjecture this does not change the system) and we do not use this admissibility result in the remainder of
the paper.


2.4  Principal  Kinds 

Figure  3  gives  an  algorithm  for  determining  the  principal  kind  of  a  well-formed  constructor.  Correctness  is 
shown  by  the  following  lemma: 


Lemma  2.2 

If $\Gamma \vdash A : L$ then $\Gamma \vdash A \Uparrow K$, $\Gamma \vdash A : K$, and $\Gamma \vdash K \leq S(A : L)$.


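Proof: By induction on the proof of the assumption.

• Case: Rule 18.

$$\frac{\Gamma \vdash \mathrm{ok}}{\Gamma \vdash b_i : T}$$

$\Gamma \vdash b_i \Uparrow S(b_i)$ and $\Gamma \vdash b_i : S(b_i)$. $S(b_i : T) = S(b_i)$. $\Gamma \vdash b_i = b_i : T$, so $\Gamma \vdash S(b_i) \leq S(b_i)$.

• Case: Rule 19.

$$\frac{\Gamma \vdash \mathrm{ok}}{\Gamma \vdash \alpha : \Gamma(\alpha)}$$

1. $\Gamma \vdash \alpha \Uparrow S(\alpha : \Gamma(\alpha))$ by definition.

2. By Proposition 2.1, $\Gamma \vdash S(\alpha : \Gamma(\alpha))$

3. and $\Gamma \vdash \alpha : S(\alpha : \Gamma(\alpha))$.

4. Thus by reflexivity, $\Gamma \vdash S(\alpha : \Gamma(\alpha)) \leq S(\alpha : \Gamma(\alpha))$.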


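• Case: Rule 20.

$$\frac{\Gamma, \alpha{:}K' \vdash A : L''}{\Gamma \vdash \lambda\alpha{:}K'.A : \Pi\alpha{:}K'.L''}$$

1. By the inductive hypothesis $\Gamma, \alpha{:}K' \vdash A \Uparrow K''$,

2. $\Gamma, \alpha{:}K' \vdash A : K''$,

3. and $\Gamma, \alpha{:}K' \vdash K'' \leq S(A : L'')$.

4. Then $\Gamma \vdash \lambda\alpha{:}K'.A \Uparrow \Pi\alpha{:}K'.K''$

5. and $\Gamma \vdash \lambda\alpha{:}K'.A : \Pi\alpha{:}K'.K''$.

6. Now $\Gamma, \alpha{:}K' \vdash (\lambda\alpha{:}K'.A)\alpha = A : L''$,

7. so $\Gamma, \alpha{:}K' \vdash S(A : L'') \leq S((\lambda\alpha{:}K'.A)\alpha : L'')$ by Proposition 2.1.

8. Since $S(\lambda\alpha{:}K'.A : \Pi\alpha{:}K'.L'') = \Pi\alpha{:}K'.S((\lambda\alpha{:}K'.A)\alpha : L'')$

9. and $\Gamma \vdash K' \leq K'$,

10. we have $\Gamma \vdash \Pi\alpha{:}K'.K'' \leq S(\lambda\alpha{:}K'.A : \Pi\alpha{:}K'.L'')$.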

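• Case: Rule 21.

$$\frac{\Gamma \vdash A : \Pi\alpha{:}L'.L'' \qquad \Gamma \vdash A' : L'}{\Gamma \vdash A\,A' : \{\alpha \mapsto A'\}L''}$$

1. By the inductive hypothesis $\Gamma \vdash A \Uparrow K$

2. $\Gamma \vdash A : K$

3. and $\Gamma \vdash K \leq S(A : \Pi\alpha{:}L'.L'')$.

4. Now $S(A : \Pi\alpha{:}L'.L'') = \Pi\alpha{:}L'.S(A\alpha : L'')$.

5. By inversion $K = \Pi\alpha{:}K'.K''$,

6. $\Gamma \vdash L' \leq K'$,

7. and $\Gamma, \alpha{:}L' \vdash K'' \leq S(A\alpha : L'')$.

8. Then $\Gamma \vdash A\,A' \Uparrow \{\alpha \mapsto A'\}K''$.

9. By subsumption, $\Gamma \vdash A' : K'$, so

10. $\Gamma \vdash A\,A' : \{\alpha \mapsto A'\}K''$.

11. Finally, by Lemma B.4 and Proposition 2.1 we have $\Gamma \vdash \{\alpha \mapsto A'\}K'' \leq S(A\,A' : \{\alpha \mapsto A'\}L'')$.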

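• Case: Rule 22

$$\frac{\Gamma \vdash A : \Sigma\alpha{:}L'.L''}{\Gamma \vdash \pi_1 A : L'}$$

1. By the inductive hypothesis, $\Gamma \vdash A \Uparrow K$,

2. $\Gamma \vdash A : K$,

3. and $\Gamma \vdash K \leq S(A : \Sigma\alpha{:}L'.L'')$.

4. Now $S(A : \Sigma\alpha{:}L'.L'') = S(\pi_1 A : L') \times S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$.

5. By inversion, $K = \Sigma\alpha{:}K'.K''$,

6. and $\Gamma \vdash K' \leq S(\pi_1 A : L')$.

7. Finally, $\Gamma \vdash \pi_1 A \Uparrow K'$

8. and $\Gamma \vdash \pi_1 A : K'$.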

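• Case: Rule 23

$$\frac{\Gamma \vdash A : \Sigma\alpha{:}L'.L''}{\Gamma \vdash \pi_2 A : \{\alpha \mapsto \pi_1 A\}L''}$$

1. By the inductive hypothesis, $\Gamma \vdash A \Uparrow K$,

2. $\Gamma \vdash A : K$,

3. and $\Gamma \vdash K \leq S(A : \Sigma\alpha{:}L'.L'')$.

4. Now $S(A : \Sigma\alpha{:}L'.L'') = S(\pi_1 A : L') \times S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$.

5. By inversion, $K = \Sigma\alpha{:}K'.K''$,

6. $\Gamma \vdash K' \leq S(\pi_1 A : L')$,

7. and $\Gamma, \alpha{:}K' \vdash K'' \leq S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$.

8. Then $\Gamma \vdash \pi_1 A : K'$,

9. so by Lemma B.4 and Proposition 2.1, $\Gamma \vdash \{\alpha \mapsto \pi_1 A\}K'' \leq S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$.

10. Finally, $\Gamma \vdash \pi_2 A \Uparrow \{\alpha \mapsto \pi_1 A\}K''$

11. and $\Gamma \vdash \pi_2 A : \{\alpha \mapsto \pi_1 A\}K''$.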


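• Case: Rule 24

$$\frac{\Gamma \vdash \Sigma\alpha{:}L'.L'' \qquad \Gamma \vdash A' : L' \qquad \Gamma \vdash A'' : \{\alpha \mapsto A'\}L''}{\Gamma \vdash \langle A', A'' \rangle : \Sigma\alpha{:}L'.L''}$$

1. By the inductive hypothesis, $\Gamma \vdash A' \Uparrow K'$,

2. $\Gamma \vdash A' : K'$,

3. $\Gamma \vdash K' \leq S(A' : L')$,

4. $\Gamma \vdash A'' \Uparrow K''$,

5. $\Gamma \vdash A'' : K''$,

6. and $\Gamma \vdash K'' \leq S(A'' : \{\alpha \mapsto A'\}L'')$.

7. Then $\Gamma \vdash \langle A', A'' \rangle \Uparrow K' \times K''$

8. and $\Gamma \vdash \langle A', A'' \rangle : K' \times K''$.

9. Now $S(\langle A', A'' \rangle : \Sigma\alpha{:}L'.L'') = S(\pi_1\langle A', A'' \rangle : L') \times S(\pi_2\langle A', A'' \rangle : \{\alpha \mapsto \pi_1\langle A', A'' \rangle\}L'')$.

10. By Proposition 2.1, $\Gamma \vdash S(A' : L') \leq S(\pi_1\langle A', A'' \rangle : L')$

11. and $\Gamma \vdash S(A'' : \{\alpha \mapsto A'\}L'') \leq S(\pi_2\langle A', A'' \rangle : \{\alpha \mapsto \pi_1\langle A', A'' \rangle\}L'')$.

12. Therefore, $\Gamma \vdash K' \times K'' \leq S(\langle A', A'' \rangle : \Sigma\alpha{:}L'.L'')$.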

• Case: Rule 25

$$\frac{\Gamma \vdash A : T}{\Gamma \vdash A : S(A)}$$

By the inductive hypothesis, noting that $S(A : S(A)) = S(A)$.

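• Case: Rule 27

$$\frac{\Gamma \vdash A : \Pi\alpha{:}L'.L_1'' \qquad \Gamma, \alpha{:}L' \vdash A\alpha : L''}{\Gamma \vdash A : \Pi\alpha{:}L'.L''}$$

1. By the inductive hypothesis, $\Gamma \vdash A \Uparrow K$,

2. $\Gamma \vdash A : K$,

3. and $\Gamma \vdash K \leq S(A : \Pi\alpha{:}L'.L_1'')$.

4. Now $S(A : \Pi\alpha{:}L'.L_1'') = \Pi\alpha{:}L'.S(A\alpha : L_1'')$

5. so by inversion $K = \Pi\alpha{:}K'.K''$

6. and $\Gamma \vdash L' \leq K'$.

7. Also by the inductive hypothesis $\Gamma, \alpha{:}L' \vdash A\alpha \Uparrow K_2$,

8. $\Gamma, \alpha{:}L' \vdash A\alpha : K_2$,

9. and $\Gamma, \alpha{:}L' \vdash K_2 \leq S(A\alpha : L'')$.

10. But since the principal kind synthesis algorithm is deterministic and clearly obeys weakening, we have
$K_2 = \{\alpha \mapsto \alpha\}K'' = K''$.

11. Now $S(A : \Pi\alpha{:}L'.L'') = \Pi\alpha{:}L'.S(A\alpha : L'')$.

12. Therefore $\Gamma \vdash \Pi\alpha{:}K'.K'' \leq S(A : \Pi\alpha{:}L'.L'')$.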


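• Case: Rule 26.

$$\frac{\Gamma \vdash \Sigma\alpha{:}L'.L'' \qquad \Gamma \vdash \pi_1 A : L' \qquad \Gamma \vdash \pi_2 A : \{\alpha \mapsto \pi_1 A\}L''}{\Gamma \vdash A : \Sigma\alpha{:}L'.L''}$$

1. First, note that principal kind synthesis never returns a dependent $\Sigma$ type.

2. By Lemma B.17 and the inductive hypothesis $\Gamma \vdash A \Uparrow K' \times K''$ and $\Gamma \vdash A : K' \times K''$.

3. Also, $\Gamma \vdash \pi_1 A \Uparrow K'$,

4. $\Gamma \vdash \pi_1 A : K'$,

5. and $\Gamma \vdash K' \leq S(\pi_1 A : L')$.

6. Also, $\Gamma \vdash \pi_2 A \Uparrow K''$,

7. $\Gamma \vdash \pi_2 A : K''$,

8. and $\Gamma \vdash K'' \leq S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$.

9. Since $S(A : \Sigma\alpha{:}L'.L'') = S(\pi_1 A : L') \times S(\pi_2 A : \{\alpha \mapsto \pi_1 A\}L'')$,

10. $\Gamma \vdash K' \times K'' \leq S(A : \Sigma\alpha{:}L'.L'')$.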

• Case: Rule 28

$$\frac{\Gamma \vdash A : L_2 \qquad \Gamma \vdash L_2 \leq L}{\Gamma \vdash A : L}$$

The desired result follows from the inductive hypothesis and by Proposition 2.1 to get
$\Gamma \vdash S(A : L_2) \leq S(A : L)$.

■
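The labelled-singleton encoding of Figure 2 and the principal kind synthesis of Figure 3 are small enough to run. The Python below is an added example, not code from the paper or from TILT: the tuple representation, the names `subst`, `size`, `sing` and `principal`, and the assumption that bound names never clash with the free variables being substituted are choices made here.

```python
# Kinds:        ("T",) | ("S", A) | ("Pi", a, K1, K2) | ("Sigma", a, K1, K2)
# Constructors: ("base", n) | ("var", a) | ("lam", a, K, A)
#               | ("app", A, B) | ("pair", A, B) | ("proj", i, A)
T = ("T",)
def S(A): return ("S", A)
def Pi(a, K1, K2): return ("Pi", a, K1, K2)
def Sigma(a, K1, K2): return ("Sigma", a, K1, K2)
def Times(K1, K2): return Sigma("_", K1, K2)  # K1 x K2; "_" is never a free variable
def base(n): return ("base", n)
def var(a): return ("var", a)
def lam(a, K, A): return ("lam", a, K, A)
def app(A, B): return ("app", A, B)
def pair(A, B): return ("pair", A, B)
def proj(i, A): return ("proj", i, A)


def subst(x, a, A):
    """{a -> A}x for a kind or constructor x.

    Assumption: bound names in x differ from the free variables of A
    (the usual variable convention), so no renaming is performed.
    """
    tag = x[0]
    if tag == "var":
        return A if x[1] == a else x
    if tag in ("T", "base"):
        return x
    if tag in ("Pi", "Sigma", "lam"):
        _, b, dom, body = x
        return (tag, b, subst(dom, a, A), body if b == a else subst(body, a, A))
    if tag == "proj":
        return proj(x[1], subst(x[2], a, A))
    return (tag,) + tuple(subst(y, a, A) for y in x[1:])  # S, app, pair


def size(K):
    """size(T) = 1, size(S(A)) = 2, size(Pi/Sigma a:K.K') = size(K) + size(K') + 2."""
    if K[0] == "T":
        return 1
    if K[0] == "S":
        return 2
    return size(K[2]) + size(K[3]) + 2


def sing(A, K):
    """Labelled singleton S(A : K), unfolded by the Figure 2 encoding."""
    if K[0] in ("T", "S"):
        return S(A)
    _, a, K1, K2 = K
    if K[0] == "Pi":  # assumes a is not free in A
        return Pi(a, K1, sing(app(A, var(a)), K2))
    first = proj(1, A)
    return Times(sing(first, K1), sing(proj(2, A), subst(K2, a, first)))


def principal(ctx, A):
    """Principal kind synthesis (Figure 3); ctx maps variable names to kinds.

    A is assumed well-formed in ctx; a head of the wrong kind raises TypeError.
    """
    tag = A[0]
    if tag == "base":
        return S(A)
    if tag == "var":
        return sing(A, ctx[A[1]])
    if tag == "lam":
        _, a, K1, body = A
        return Pi(a, K1, principal({**ctx, a: K1}, body))
    if tag == "pair":
        return Times(principal(ctx, A[1]), principal(ctx, A[2]))
    head = A[1] if tag == "app" else A[2]
    K = principal(ctx, head)
    if K[0] != ("Pi" if tag == "app" else "Sigma"):
        raise TypeError(f"{tag} applied to a constructor of kind {K}")
    if tag == "app":
        return subst(K[3], K[1], A[2])
    return K[2] if A[1] == 1 else subst(K[3], K[1], proj(1, head))


def examples():
    """Constructed inputs taken from the judgments discussed in the text."""
    alpha, beta, b1 = var("alpha"), var("beta"), base("b1")
    ctx = {"alpha": Sigma("beta", T, S(beta))}
    return {
        "S(beta : T->T)": sing(beta, Pi("a", T, T)),
        "alpha": principal(ctx, alpha),
        "pi2 alpha": principal(ctx, proj(2, alpha)),
        "(lam a:T.a) b1": principal({}, app(lam("a", T, var("a")), b1)),
    }


if __name__ == "__main__":
    for name, kind in examples().items():
        print(name, "=>", kind)
```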

3  An  Algorithm  for  Constructor  Equivalence 

Following Coquand, we present the equivalence test by defining a set of rules defining algorithmic relations,
shown in Figure 4. It is clear that these rules can be translated directly into a deterministic algorithm, since
for any goal there is at most one algorithmic rule which can apply. Then decidability of the algorithmic
relations corresponds to termination of the algorithm.

Our algorithm is somewhat more involved than that of Coquand because of the context and kind-dependence
of equivalence. We divide the algorithmic constructor equivalence rules into a kind-directed
part and a structure-directed part, while Coquand needs only structural comparison. Our weak head
normalization includes looking for definitions in the context. We have also extended the algorithm in the natural
fashion to handle $\Sigma$ types, pairing, and projection.

Define an elimination context to be a series of applications to and projections from $\diamond$, which we call the context's hole. If $E$ is such a context, then $E[A]$ represents the constructor resulting by replacing the hole in $E$ with $A$. If a constructor is either of the form $E[\alpha]$ or of the form $E[b_i]$ then we will call this a path and denote it by $p$.

$$E ::= \diamond \mid E\,A \mid \pi_1 E \mid \pi_2 E$$

The kind extraction relation $\Gamma \vdash p \uparrow K$ attempts to determine a kind for a path by taking the kind of the head variable or constant and doing appropriate substitutions and projections. A path is said to have a definition if its extracted kind is a singleton kind $S(B)$; in this case we say $B$ is the definition of the path.

The extracted kind is not always the most precise kind. For example, $\alpha{:}T \vdash \alpha \uparrow T$ but the principal type of $\alpha$ in this context would be $S(\alpha)$. We must show that given a well-formed path, kind extraction succeeds and returns a valid kind for this path using induction on the well-formedness proof for the path (with a strengthened induction hypothesis).

Lemma 3.1

If $\Gamma \vdash p : K$ then $\Gamma \vdash p \uparrow L$, $\Gamma \vdash p : L$, and $\Gamma \vdash S(p : L) \le K$.

Proof: By induction on the proof of the hypothesis.
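Kind Extraction

$\Gamma \vdash b_i \uparrow T$
$\Gamma \vdash \alpha \uparrow \Gamma(\alpha)$
$\Gamma \vdash \pi_1 p \uparrow K_1$  if $\Gamma \vdash p \uparrow \Sigma\alpha{:}K_1.K_2$
$\Gamma \vdash \pi_2 p \uparrow \{\alpha \mapsto \pi_1 p\}K_2$  if $\Gamma \vdash p \uparrow \Sigma\alpha{:}K_1.K_2$
$\Gamma \vdash p\,A \uparrow \{\alpha \mapsto A\}K_2$  if $\Gamma \vdash p \uparrow \Pi\alpha{:}K_1.K_2$

Weak head reduction

$\Gamma \vdash E[(\lambda\alpha{:}K.A)A'] \leadsto E[\{\alpha \mapsto A'\}A]$
$\Gamma \vdash E[\pi_1\langle A_1, A_2\rangle] \leadsto E[A_1]$
$\Gamma \vdash E[\pi_2\langle A_1, A_2\rangle] \leadsto E[A_2]$
$\Gamma \vdash E[p] \leadsto E[B]$  if $\Gamma \vdash p \uparrow S(B)$

Weak head normalization

$\Gamma \vdash A \Downarrow B$  if $\Gamma \vdash A \leadsto A'$ and $\Gamma \vdash A' \Downarrow B$
$\Gamma \vdash A \Downarrow A$  otherwise

Algorithmic constructor equivalence

$\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_2 \vdash A_2 : T$  if $\Gamma_1 \vdash A_1 \Downarrow p_1$, $\Gamma_2 \vdash A_2 \Downarrow p_2$, $\Gamma_1 \vdash p_1 \uparrow T \leftrightarrow \Gamma_2 \vdash p_2 \uparrow T$
$\Gamma_1 \vdash A_1 : S(B_1) \Leftrightarrow \Gamma_2 \vdash A_2 : S(B_2)$  always
$\Gamma_1 \vdash A_1 : \Pi\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash A_2 : \Pi\alpha{:}K_2.L_2$  if $\Gamma_1, \alpha{:}K_1 \vdash A_1\alpha : L_1 \Leftrightarrow \Gamma_2, \alpha{:}K_2 \vdash A_2\alpha : L_2$
$\Gamma_1 \vdash A_1 : \Sigma\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash A_2 : \Sigma\alpha{:}K_2.L_2$  if $\Gamma_1 \vdash \pi_1 A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash \pi_1 A_2 : K_2$, and $\Gamma_1 \vdash \pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}L_1 \Leftrightarrow \Gamma_2 \vdash \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}L_2$

Algorithmic path equivalence

$\Gamma_1 \vdash b_i \uparrow T \leftrightarrow \Gamma_2 \vdash b_j \uparrow T$  if $i = j$
$\Gamma_1 \vdash \alpha \uparrow \Gamma_1(\alpha) \leftrightarrow \Gamma_2 \vdash \alpha \uparrow \Gamma_2(\alpha)$  always
$\Gamma_1 \vdash p_1 A_1 \uparrow \{\alpha \mapsto A_1\}L_1 \leftrightarrow \Gamma_2 \vdash p_2 A_2 \uparrow \{\alpha \mapsto A_2\}L_2$  if $\Gamma_1 \vdash p_1 \uparrow \Pi\alpha{:}K_1.L_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Pi\alpha{:}K_2.L_2$, and $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$
$\Gamma_1 \vdash \pi_1 p_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash \pi_1 p_2 \uparrow K_2$  if $\Gamma_1 \vdash p_1 \uparrow \Sigma\alpha{:}K_1.L_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Sigma\alpha{:}K_2.L_2$
$\Gamma_1 \vdash \pi_2 p_1 \uparrow \{\alpha \mapsto \pi_1 p_1\}L_1 \leftrightarrow \Gamma_2 \vdash \pi_2 p_2 \uparrow \{\alpha \mapsto \pi_1 p_2\}L_2$  if $\Gamma_1 \vdash p_1 \uparrow \Sigma\alpha{:}K_1.L_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Sigma\alpha{:}K_2.L_2$

Algorithmic kind equivalence

$\Gamma_1 \vdash T \Leftrightarrow \Gamma_2 \vdash T$  always
$\Gamma_1 \vdash S(A_1) \Leftrightarrow \Gamma_2 \vdash S(A_2)$  if $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_2 \vdash A_2 : T$
$\Gamma_1 \vdash \Pi\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash \Pi\alpha{:}K_2.L_2$  if $\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_2 \vdash K_2$ and $\Gamma_1, \alpha{:}K_1 \vdash L_1 \Leftrightarrow \Gamma_2, \alpha{:}K_2 \vdash L_2$
$\Gamma_1 \vdash \Sigma\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash \Sigma\alpha{:}K_2.L_2$  if $\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_2 \vdash K_2$ and $\Gamma_1, \alpha{:}K_1 \vdash L_1 \Leftrightarrow \Gamma_2, \alpha{:}K_2 \vdash L_2$

Figure 4: Algorithmic Relations
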


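• Case: Rule 18. $p = b_i$.

1. Then $\Gamma \vdash b_i \uparrow T$ and $S(b_i : T) = S(b_i)$.
2. By Rule 18, $\Gamma \vdash b_i : T$
3. and by Rule 9, $\Gamma \vdash S(b_i) \le T$.

• Case: Rule 19. $p = \alpha$.

1. Then $\Gamma \vdash \alpha \uparrow \Gamma(\alpha)$.
2. By Rule 19 $\Gamma \vdash \alpha : \Gamma(\alpha)$,
3. and by Proposition 2.1 Part 5, $\Gamma \vdash S(\alpha : \Gamma(\alpha)) \le \Gamma(\alpha)$.

• Case: Rule 21.

$$\frac{\Gamma \vdash p : \Pi\alpha{:}K'.K'' \qquad \Gamma \vdash A' : K'}{\Gamma \vdash pA' : \{\alpha \mapsto A'\}K''}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow \Pi\alpha{:}L'.L''$,
2. $\Gamma \vdash p : \Pi\alpha{:}L'.L''$, and
3. $\Gamma \vdash S(p : \Pi\alpha{:}L'.L'') \le \Pi\alpha{:}K'.K''$.
4. Then $\Gamma \vdash pA' \uparrow$
5. Since $S(p : \Pi\alpha{:}L'.L'') = \Pi\alpha{:}L'.S(p\alpha : L'')$,
6. we have by inversion of Rule 12 that $\Gamma \vdash K' \le L'$ and $\Gamma, \alpha{:}K' \vdash S(p\alpha : L'') \le K''$.
7. By subsumption, $\Gamma \vdash A' : L'$
8. and hence $\Gamma \vdash pA' : \{\alpha \mapsto A'\}L''$ by Rule 21.
9. Finally, by Lemma B.4 we have $\Gamma \vdash S(pA' : \{\alpha \mapsto A'\}L'') \le \{\alpha \mapsto A'\}K''$.

• Case: Rule 22.

$$\frac{\Gamma \vdash p : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_1 p : K'}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow \Sigma\alpha{:}L'.L''$,
2. $\Gamma \vdash p : \Sigma\alpha{:}L'.L''$, and
3. $\Gamma \vdash S(p : \Sigma\alpha{:}L'.L'') \le \Sigma\alpha{:}K'.K''$.
4. Then $\Gamma \vdash \pi_1 p \uparrow L'$,
5. and by Rule 22, $\Gamma \vdash \pi_1 p : L'$.
6. Since $S(p : \Sigma\alpha{:}L'.L'') = S(\pi_1 p : L') \times S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'')$,
7. by inversion of Rule 13 we have $\Gamma \vdash S(\pi_1 p : L') \le K'$.

• Case: Rule 23.

$$\frac{\Gamma \vdash p : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_2 p : \{\alpha \mapsto \pi_1 p\}K''}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow \Sigma\alpha{:}L'.L''$,
2. $\Gamma \vdash p : \Sigma\alpha{:}L'.L''$, and
3. $\Gamma \vdash S(p : \Sigma\alpha{:}L'.L'') \le \Sigma\alpha{:}K'.K''$.
4. Then $\Gamma \vdash \pi_2 p \uparrow \{\alpha \mapsto \pi_1 p\}L''$,
5. and $\Gamma \vdash \pi_2 p : \{\alpha \mapsto \pi_1 p\}L''$ by Rule 23.
6. Since $S(p : \Sigma\alpha{:}L'.L'') = S(\pi_1 p : L') \times S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'')$,
7. by inversion of Rule 13 $\Gamma, \alpha{:}S(\pi_1 p : L') \vdash S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'') \le K''$.
8. Then $\Gamma \vdash \pi_1 p : S(\pi_1 p : L')$
9. so by the Substitution Lemma B.4 we have $\Gamma \vdash S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'') \le \{\alpha \mapsto \pi_1 p\}K''$.

• Case: Rule 25

$$\frac{\Gamma \vdash p : T}{\Gamma \vdash p : S(p)}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow L$,
2. $\Gamma \vdash p : L$,
3. and $\Gamma \vdash S(p : L) \le T$.
4. Thus $L$ is either $T$ or a singleton, and $S(p : L) = S(p)$.
5. and by reflexivity, $\Gamma \vdash S(p) \le S(p)$.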

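• Case: Rule 26.

$$\frac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \qquad \Gamma \vdash \pi_1 p : K' \qquad \Gamma \vdash \pi_2 p : \{\alpha \mapsto \pi_1 p\}K''}{\Gamma \vdash p : \Sigma\alpha{:}K'.K''}$$

1. By Lemma B.17 and the inductive hypothesis, $\Gamma \vdash p \uparrow \Sigma\alpha{:}L'.L''$,
2. $\Gamma \vdash p : \Sigma\alpha{:}L'.L''$,
3. $\Gamma \vdash \pi_1 p \uparrow L'$,
4. $\Gamma \vdash \pi_1 p : L'$,
5. $\Gamma \vdash S(\pi_1 p : L') \le K'$,
6. $\Gamma \vdash \pi_2 p \uparrow \{\alpha \mapsto \pi_1 p\}L''$,
7. $\Gamma \vdash \pi_2 p : \{\alpha \mapsto \pi_1 p\}L''$,
8. and $\Gamma \vdash S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'') \le \{\alpha \mapsto \pi_1 p\}K''$,
9. Now to show that $\Gamma \vdash S(p : \Sigma\alpha{:}L'.L'') \le \Sigma\alpha{:}K'.K''$
10. it remains to show that $\Gamma, \alpha{:}S(\pi_1 p : L') \vdash S(\pi_2 p : \{\alpha \mapsto \pi_1 p\}L'') \le K''$.
11. But $\Gamma, \alpha{:}S(\pi_1 p : L') \vdash \{\alpha \mapsto \pi_1 p\}K'' =$
12. so the desired result follows from Line 8 and transitivity.

• Case: Rule 27.

$$\frac{\Gamma \vdash p : \Pi\alpha{:}K'.K_1'' \qquad \Gamma, \alpha{:}K' \vdash p\alpha : K''}{\Gamma \vdash p : \Pi\alpha{:}K'.K''}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow \Pi\alpha{:}L'.L''$,
2. $\Gamma \vdash p : \Pi\alpha{:}L'.L''$,
3. and $\Gamma \vdash (\Pi\alpha{:}L'.S(p\alpha : L'')) \le \Pi\alpha{:}K'.K_1''$.
4. By inversion, $\Gamma \vdash K' \le L'$.
5. By the inductive hypothesis, and determinacy and weakening of the kind extraction algorithm, $\Gamma, \alpha{:}K' \vdash p\alpha \uparrow L''$
6. and $\Gamma, \alpha{:}K' \vdash S(p\alpha : L'') \le K''$.
7. Therefore, $\Gamma \vdash \Pi\alpha{:}L'.S(p\alpha : L'') \le \Pi\alpha{:}K'.K''$.

• Case: Rule 28.

$$\frac{\Gamma \vdash p : K_1 \qquad \Gamma \vdash K_1 \le K_2}{\Gamma \vdash p : K_2}$$

1. By the inductive hypothesis, $\Gamma \vdash p \uparrow L$,
2. $\Gamma \vdash p : L$,
3. and $\Gamma \vdash S(p : L) \le K_1$.
4. By transitivity, $\Gamma \vdash S(p : L) \le K_2$.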
Corollary 3.2

If $\Gamma \vdash E[p] : K$ and $\Gamma \vdash p \uparrow S(A)$ then $\Gamma \vdash E[p] = E[A] : K$.

Proof:

1. By Lemma 3.1, $\Gamma \vdash E[p] \uparrow L$,
2. $\Gamma \vdash E[p] : L$,
3. and $\Gamma \vdash S(E[p] : L) \le K$.
4. By the determinacy of kind extraction, this can be reconciled with $\Gamma \vdash p \uparrow S(A)$ only if $E = \diamond$ and $L = S(A)$.
5. Thus by Rule 34, $\Gamma \vdash p = A : T$.
6. Now $S(E[p] : L) = S(p)$.
7. By inversion of subkinding, either $K = T$ or $K = S(A')$ with $\Gamma \vdash p = A' : T$.
8. In either case, $\Gamma \vdash p = A : K$.
9. That is, $\Gamma \vdash E[p] = E[A] : K$ as desired.

■

The weak head reduction relation $\Gamma \vdash A \leadsto B$ contracts the head $\beta$-redex of $A$, if such a redex exists. Otherwise, when the head of $A$ is a path with a definition, reduction replaces the head with the definition.

Weak head normalization $\Gamma \vdash A \Downarrow B$ repeatedly applies weak head reduction to $A$ until a weak head normal form is found. Weak head reduction and weak head normalization are deterministic, since the head $\beta$-redex is always unique if one exists, and a path can have at most one prefix with a definition.

The algorithmic term equivalence relation

$$\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$$

is intended to model the declarative equivalence $\Gamma_1 \vdash A_1 = A_2 : K_1$ when $\vdash \Gamma_1 = \Gamma_2$ and $\Gamma_1 \vdash K_1 = K_2$.

The algorithmic path equivalence relation

$$\Gamma_1 \vdash p_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow K_2$$

will be shown to implement constructor equality for head normal paths when $\vdash \Gamma_1 = \Gamma_2$. As a notational convenience, this relation explicitly includes the extracted kinds of the two paths being compared.

Lemma 3.3

If $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ then $\Gamma_1 \vdash A_1 \uparrow K_1$ and $\Gamma_2 \vdash A_2 \uparrow K_2$.

Finally, the algorithmic kind equivalence relation

$$\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_2 \vdash K_2$$

determines whether two kinds are equivalent given $\vdash \Gamma_1 = \Gamma_2$. This easily reduces to checking the equivalence of constructors appearing within singleton kinds.
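
The relations described above (kind extraction, weak head reduction and normalization, and the kind-directed and path-directed equivalence tests), as an added Python example that is not code from the paper or from TILT. The tuple encoding of constructors and kinds, the dictionary contexts, and the requirement that all bound names be distinct and inputs be well-formed are assumptions of this example; `demo()` compares the same constructors under different contexts and at different kinds.

```python
import itertools

T = ("T",)                   # the base kind T
_fresh = itertools.count()   # fresh names for the Pi rule

def subst(t, a, r):
    """{a -> r}t on constructors and kinds; assumes distinct bound names (no capture)."""
    if t == ("var", a):
        return r
    return tuple(subst(x, a, r) for x in t) if isinstance(t, tuple) else t

def extract(ctx, p):
    """Kind extraction for a path p; None when p is not a path in ctx."""
    if p[0] in ("const", "var"):
        return T if p[0] == "const" else ctx.get(p[1])
    k = extract(ctx, p[1]) if p[0] in ("app", "pi1", "pi2") else None
    if k is None:
        return None
    if p[0] == "app":
        return subst(k[3], k[1], p[2]) if k[0] == "Pi" else None
    if k[0] != "Sigma":
        return None
    return k[2] if p[0] == "pi1" else subst(k[3], k[1], ("pi1", p[1]))

def step(ctx, a):
    """One weak head reduction step, or None when a is weak head normal."""
    tag = a[0]
    if tag == "app" and a[1][0] == "lam":            # head beta-redex
        return subst(a[1][3], a[1][1], a[2])
    if tag in ("pi1", "pi2") and a[1][0] == "pair":  # projection from a pair
        return a[1][1] if tag == "pi1" else a[1][2]
    if tag in ("app", "pi1", "pi2"):                 # look inside the elimination context
        inner = step(ctx, a[1])
        if inner is not None:
            return (tag, inner) + a[2:]
    k = extract(ctx, a)                              # path whose extracted kind is S(B)
    return k[1] if k is not None and k[0] == "S" else None

def whnf(ctx, a):
    """Weak head normalization: apply step until no rule applies."""
    while (n := step(ctx, a)) is not None:
        a = n
    return a

def path_equiv(c1, p1, c2, p2):
    """Algorithmic path equivalence; returns the two extracted kinds, or None."""
    tag = p1[0]
    if tag != p2[0]:
        return None
    if tag == "const":
        return (T, T) if p1[1] == p2[1] else None
    if tag == "var":
        return (c1[p1[1]], c2[p2[1]]) if p1[1] == p2[1] else None
    ks = path_equiv(c1, p1[1], c2, p2[1]) if tag in ("app", "pi1", "pi2") else None
    if ks is None or ks[0][0] != ks[1][0]:
        return None
    k1, k2 = ks
    if tag == "app":
        ok = k1[0] == "Pi" and equiv(c1, p1[2], k1[2], c2, p2[2], k2[2])
        return (subst(k1[3], k1[1], p1[2]), subst(k2[3], k2[1], p2[2])) if ok else None
    if k1[0] != "Sigma":
        return None
    if tag == "pi1":
        return k1[2], k2[2]
    return subst(k1[3], k1[1], ("pi1", p1[1])), subst(k2[3], k2[1], ("pi1", p2[1]))

def equiv(c1, a1, k1, c2, a2, k2):
    """Kind-directed constructor equivalence with two contexts and two classifiers."""
    if k1[0] != k2[0]:
        return False
    if k1[0] == "T":       # normalize, then compare the resulting paths
        return path_equiv(c1, whnf(c1, a1), c2, whnf(c2, a2)) == (T, T)
    if k1[0] == "S":       # singleton kind: always equivalent
        return True
    if k1[0] == "Pi":      # apply both sides to a fresh variable
        v = ("var", f"_x{next(_fresh)}")
        return equiv({**c1, v[1]: k1[2]}, ("app", a1, v), subst(k1[3], k1[1], v),
                     {**c2, v[1]: k2[2]}, ("app", a2, v), subst(k2[3], k2[1], v))
    return (equiv(c1, ("pi1", a1), k1[2], c2, ("pi1", a2), k2[2]) and   # Sigma
            equiv(c1, ("pi2", a1), subst(k1[3], k1[1], ("pi1", a1)),
                  c2, ("pi2", a2), subst(k2[3], k2[1], ("pi1", a2))))

# Constructed sample inputs.
INT = ("const", "int")
ID = ("lam", "a", T, ("var", "a"))                       # lambda a:T. a
CONST_INT = ("lam", "b", T, INT)                         # lambda b:T. int
PI_T = ("Pi", "c", T, T)                                 # Pi c:T. T
PI_S = ("Pi", "c", ("S", INT), T)                        # Pi c:S(int). T
SHARED = {"m": ("Sigma", "d", T, ("S", ("var", "d")))}   # m : Sigma d:T. S(d)

def demo():
    t_def, t_abs = {"t": ("S", INT)}, {"t": T}
    return {
        "context": (equiv(t_def, ("var", "t"), T, t_def, INT, T),
                    equiv(t_abs, ("var", "t"), T, t_abs, INT, T)),
        "kind": (equiv({}, ID, PI_S, {}, CONST_INT, PI_S),
                 equiv({}, ID, PI_T, {}, CONST_INT, PI_T)),
        "sigma": equiv(SHARED, ("pi2", ("var", "m")), T, SHARED, ("pi1", ("var", "m")), T),
    }
```

The `"kind"` entry compares the identity function and the constant `int` function: they are related at the kind with a singleton domain, where the bound variable has a definition, and unrelated when the domain is $T$.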

To  prove  soundness  of  this  equivalence  algorithm,  we  first  prove  that  weak-head  normalization  preserves 
equivalence. 

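Proposition 3.4

If $\Gamma \vdash E[(\lambda\alpha{:}L.A)A'] : K$ then $\Gamma \vdash E[(\lambda\alpha{:}L.A)A'] = E[\{\alpha \mapsto A'\}A] : K$.

Proof: By induction on the given derivation.

• Case:

$$\frac{\Gamma \vdash \lambda\alpha{:}L'.A : \Pi\alpha{:}K'.K'' \qquad \Gamma \vdash A' : K'}{\Gamma \vdash (\lambda\alpha{:}L'.A)A' : \{\alpha \mapsto A'\}K''}$$

where $E = \diamond$.

1. Using Proposition B.16 and the correctness of principal kind synthesis we have $\Gamma, \alpha{:}L' \vdash A \Uparrow L''$,
2. $\Gamma, \alpha{:}L' \vdash A : L''$,
3. $\Gamma \vdash \lambda\alpha{:}L'.A \Uparrow \Pi\alpha{:}L'.L''$,
4. $\Gamma \vdash \lambda\alpha{:}L'.A : \Pi\alpha{:}L'.L''$,
5. and (using Proposition 2.1) $\Gamma \vdash \Pi\alpha{:}L'.L'' \le$
6. By inversion, $\Gamma \vdash K' \le L'$
7. and $\Gamma, \alpha{:}K' \vdash L'' \le K''$.
8. By subsumption, $\Gamma \vdash A' :$
9. Thus $\Gamma \vdash (\lambda\alpha{:}L.A)A' = \{\alpha \mapsto A'\}A : \{\alpha \mapsto A'\}L''$
10. By Substitution $\Gamma \vdash \{\alpha \mapsto A'\}L'' \le \{\alpha \mapsto A'\}K''$,
11. Therefore by subsumption we have $\Gamma \vdash (\lambda\alpha{:}L.A)A' = \{\alpha \mapsto A'\}A : \{\alpha \mapsto A'\}K''$

• All other cases follow by structural rules and reflexivity of declarative equivalence.

■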
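Proposition 3.5

1. If $\Gamma \vdash E[\pi_1\langle A', A''\rangle] : K$ then $\Gamma \vdash E[\pi_1\langle A', A''\rangle] = E[A'] : K$.

2. If $\Gamma \vdash E[\pi_2\langle A', A''\rangle] : K$ then $\Gamma \vdash E[\pi_2\langle A', A''\rangle] = E[A''] : K$.

3. If $\Gamma \vdash \langle A', A''\rangle : \Sigma\alpha{:}K'.K''$ then $\Gamma \vdash A' : K'$ and $\Gamma \vdash A'' : \{\alpha \mapsto A'\}K''$.

Proof:

1. • Case:

$$\Gamma \vdash \pi_1\langle A', A''\rangle : K'$$

where $E = \diamond$.

(a) Inductively by Part 3, $\Gamma \vdash A' : K'$
(b) and $\Gamma \vdash A'' : \{\alpha \mapsto A'\}K''$.
(c) The desired result follows by Rule 32.

• The remaining cases follow by structural rules and reflexivity.

2. • Case:

$$\frac{\Gamma \vdash \langle A', A''\rangle : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_2\langle A', A''\rangle : \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K''}$$

where $E = \diamond$.

(a) Inductively by Part 3, $\Gamma \vdash A' : K'$
(b) and $\Gamma \vdash A'' : \{\alpha \mapsto A'\}K''$,
(c) By Rule 33, $\Gamma \vdash \pi_2\langle A', A''\rangle : \{\alpha \mapsto A'\}K''$.
(d) As in Part 1, $\Gamma \vdash E[\pi_1\langle A', A''\rangle] = E[A'] : K$.
(e) So by Lemma B.11 $\Gamma \vdash \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K'' = \{\alpha \mapsto A'\}K''$.
(f) Thus by subsumption we have $\Gamma \vdash \pi_2\langle A', A''\rangle : \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K''$.

• The remaining cases follow by structural rules and reflexivity.

3. • Case:

$$\frac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \qquad \Gamma \vdash A_1 : K' \qquad \Gamma \vdash A_2 : \{\alpha \mapsto A_1\}K''}{\Gamma \vdash \langle A_1, A_2\rangle : \Sigma\alpha{:}K'.K''}$$

Obvious.

• Case:

$$\frac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \qquad \Gamma \vdash \pi_1\langle A', A''\rangle : K' \qquad \Gamma \vdash \pi_2\langle A', A''\rangle : \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K''}{\Gamma \vdash \langle A', A''\rangle : \Sigma\alpha{:}K'.K''}$$

(a) Inductively by Part 1, $\Gamma \vdash \pi_1\langle A', A''\rangle = A' : K'$
(b) Inductively by Part 2, $\Gamma \vdash \pi_2\langle A', A''\rangle = A'' : \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K''$.
(c) By Lemma B.11, $\Gamma \vdash \{\alpha \mapsto \pi_1\langle A', A''\rangle\}K'' = \{\alpha \mapsto A'\}K''$
(d) Thus by subsumption and Lemma B.1, $\Gamma \vdash A' : K'$
(e) and $\Gamma \vdash A'' : \{\alpha \mapsto A'\}K''$.

• Case:

$$\frac{\Gamma \vdash \langle A', A''\rangle : K_1 \qquad \Gamma \vdash K_1 \le \Sigma\alpha{:}K'.K''}{\Gamma \vdash \langle A', A''\rangle : \Sigma\alpha{:}K'.K''}$$

(a) By inversion, $K_1 = \Sigma\alpha{:}K_1'.K_1''$,
(b) $\Gamma \vdash K_1' \le K'$,
(c) and $\Gamma, \alpha{:}K_1' \vdash K_1'' \le K''$.
(d) By the inductive hypothesis, $\Gamma \vdash A' : K_1'$
(e) and $\Gamma \vdash A'' : \{\alpha \mapsto A'\}K_1''$,
(f) By Lemma B.4, $\Gamma \vdash \{\alpha \mapsto A'\}K_1'' \le \{\alpha \mapsto A'\}K''$,
(g) Then the desired results follow by subsumption.

■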

Corollary 3.6

If $\Gamma \vdash A : K$ and $\Gamma \vdash A \Downarrow B$ then $\Gamma \vdash A = B : K$.

Proof: By transitivity and reflexivity of declarative equivalence, it suffices to show that if $\Gamma \vdash A : K$ and $\Gamma \vdash A \leadsto B$ then $\Gamma \vdash A = B : K$. But all possibilities for the reduction step are covered by Lemma 3.1, Proposition 3.4, and Proposition 3.5. ■

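Theorem 3.7 (Soundness)

1. If $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash K_1 = K_2$, $\Gamma_1 \vdash A_1 : K_1$, $\Gamma_2 \vdash A_2 : K_2$, and $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$ then $\Gamma_1 \vdash A_1 = A_2 : K_1$.

2. If $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash p_1 : L_1$, $\Gamma_2 \vdash p_2 : L_2$, and $\Gamma_1 \vdash p_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow K_2$ then $\Gamma_1 \vdash K_1 = K_2$ and $\Gamma_1 \vdash p_1 = p_2 : K_1$.

3. If $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash K_1$, $\Gamma_2 \vdash K_2$, and $\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_2 \vdash K_2$ then $\Gamma_1 \vdash K_1 = K_2$.

Proof: Parts 1 and 2 follow by simultaneous induction on the algorithmic judgments and by cases on the last step in the algorithmic derivation. We omit the proof of Part 3, which follows directly by Part 1 and induction.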

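1. • Case: $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_2 \vdash A_2 : T$ because $\Gamma_1 \vdash A_1 \Downarrow p_1$, $\Gamma_2 \vdash A_2 \Downarrow p_2$, and $\Gamma_1 \vdash p_1 \uparrow T \leftrightarrow \Gamma_2 \vdash p_2 \uparrow T$.

(a) By Corollary 3.6, $\Gamma_1 \vdash A_1 = p_1 : T$
(b) and $\Gamma_2 \vdash A_2 = p_2 : T$.
(c) By Corollary B.13 $\Gamma_1 \vdash A_2 = p_2 : T$,
(d) By Lemma B.1, $\Gamma_1 \vdash p_1 : T$
(e) and $\Gamma_2 \vdash p_2 : T$.
(f) By the inductive hypothesis, $\Gamma_1 \vdash p_1 = p_2 : T$.
(g) By symmetry and transitivity of equivalence therefore, $\Gamma_1 \vdash A_1 = A_2 : T$.

• Case: $\Gamma_1 \vdash A_1 : S(B_1) \Leftrightarrow \Gamma_2 \vdash A_2 : S(B_2)$.

(a) By Rule 34, $\Gamma_1 \vdash A_1 = B_1 : T$
(b) and $\Gamma_2 \vdash A_2 = B_2 : T$.
(c) By inversion of Rule 15, $\Gamma_1 \vdash B_1 = B_2 : T$.
(d) By symmetry, transitivity, and Corollary B.13, $\Gamma_1 \vdash A_1 = A_2 : T$.
(e) By Rule 35 $\Gamma_1 \vdash A_1 = A_2 : S(A_1)$.
(f) But $\Gamma_1 \vdash S(A_1) \le S(B_1)$
(g) so by subsumption $\Gamma_1 \vdash A_1 = A_2 : S(B_1)$.

• Case: $\Gamma_1 \vdash A_1 : \Pi\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash A_2 : \Pi\alpha{:}K_2.L_2$ because $\Gamma_1, \alpha{:}K_1 \vdash A_1\alpha : L_1 \Leftrightarrow \Gamma_2, \alpha{:}K_2 \vdash A_2\alpha : L_2$.

(a) Since $\vdash \Gamma_1, \alpha{:}K_1 = \Gamma_2, \alpha{:}K_2$,
(b) $\Gamma_1, \alpha{:}K_1 \vdash A_1\alpha : L_1$,
(c) $\Gamma_2, \alpha{:}K_2 \vdash A_2\alpha : L_2$,
(d) and $\Gamma_1, \alpha{:}K_1 \vdash L_1 = L_2$,
(e) the inductive hypothesis applies, yielding $\Gamma_1, \alpha{:}K_1 \vdash A_1\alpha = A_2\alpha : L_1$,
(f) Thus by Rule 30, $\Gamma_1 \vdash A_1 = A_2 : \Pi\alpha{:}K_1.L_1$.

• Case: $\Gamma_1 \vdash A_1 : \Sigma\alpha{:}K_1.L_1 \Leftrightarrow \Gamma_2 \vdash A_2 : \Sigma\alpha{:}K_2.L_2$ because $\Gamma_1 \vdash \pi_1 A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash \pi_1 A_2 : K_2$, and $\Gamma_1 \vdash \pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}L_1 \Leftrightarrow \Gamma_2 \vdash \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}L_2$.

(a) Since $\Gamma_1 \vdash \pi_1 A_1 : K_1$
(b) $\Gamma_2 \vdash \pi_1 A_2 : K_2$,
(c) and by inversion $\Gamma_1 \vdash K_1 = K_2$,
(d) by the inductive hypothesis we have $\Gamma_1 \vdash \pi_1 A_1 = \pi_1 A_2 : K_1$.
(e) By Lemma B.11, $\Gamma_1 \vdash \{\alpha \mapsto \pi_1 A_1\}L_1 = \{\alpha \mapsto \pi_1 A_2\}L_2$.
(f) Then $\Gamma_1 \vdash \pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}L_1$
(g) and $\Gamma_2 \vdash \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}L_2$.
(h) By the inductive hypothesis, $\Gamma_1 \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_1\}L_1$.
(i) By Corollary B.13 and Rule 31, $\Gamma_1 \vdash A_1 = A_2 : \Sigma\alpha{:}K_1.L_1$.

2. • Case: $\Gamma_1 \vdash b_i \uparrow T \leftrightarrow \Gamma_2 \vdash b_i \uparrow T$.

By Lemma B.1, $\Gamma_1 \vdash$ ok. Thus by Rule 38, $\Gamma_1 \vdash b_i = b_i : T$.

• Case: $\Gamma_1 \vdash \alpha \uparrow \Gamma_1(\alpha) \leftrightarrow \Gamma_2 \vdash \alpha \uparrow \Gamma_2(\alpha)$.

By Lemma B.1 and Rule 39, $\Gamma_1 \vdash \alpha = \alpha : \Gamma_1(\alpha)$.

• Case: $\Gamma_1 \vdash p_1 A_1 \uparrow \{\alpha \mapsto A_1\}L_1'' \leftrightarrow \Gamma_2 \vdash p_2 A_2 \uparrow \{\alpha \mapsto A_2\}L_2''$ because $\Gamma_1 \vdash p_1 \uparrow \Pi\alpha{:}L_1'.L_1'' \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Pi\alpha{:}L_2'.L_2''$ and $\Gamma_1 \vdash A_1 : L_1' \Leftrightarrow \Gamma_2 \vdash A_2 : L_2'$.

(a) By Lemma B.17, $\Gamma_1 \vdash p_1 : \Pi\alpha{:}K_1'.K_1''$,
(b) $\Gamma_1 \vdash A_1 : K_1'$
(c) $\Gamma_2 \vdash p_2 : \Pi\alpha{:}K_2'.K_2''$,
(d) and $\Gamma_2 \vdash A_2 :$
(e) By the inductive hypothesis, $\Gamma_1 \vdash \Pi\alpha{:}L_1'.L_1'' = \Pi\alpha{:}L_2'.L_2''$
(f) and $\Gamma_1 \vdash p_1 = p_2 : \Pi\alpha{:}L_1'.L_1''$.
(g) By Lemma 3.1, $\Gamma_1 \vdash S(p_1 : \Pi\alpha{:}L_1'.L_1'') \le \Pi\alpha{:}K_1'.K_1''$
(h) and $\Gamma_2 \vdash S(p_2 : \Pi\alpha{:}L_2'.L_2'') \le \Pi\alpha{:}K_2'.K_2''$.
(i) Thus $\Gamma_1 \vdash K_1' \le L_1'$
(j) and $\Gamma_2 \vdash$
(k) By subsumption then, $\Gamma_1 \vdash A_1 : L_1'$
(l) and $\Gamma_2 \vdash A_2 :$
(m) The induction hypothesis applies, and so $\Gamma_1 \vdash A_1 = A_2 : L_1'$.
(n) Thus $\Gamma_1 \vdash p_1 A_1 = p_2 A_2 : \{\alpha \mapsto A_1\}L_1''$
(o) and by Lemma B.11, $\Gamma_1 \vdash \{\alpha \mapsto A_1\}L_1'' = \{\alpha \mapsto A_2\}L_2''$.

• Case: $\Gamma_1 \vdash \pi_1 p_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash \pi_1 p_2 \uparrow K_2$ because $\Gamma_1 \vdash p_1 \uparrow \Sigma\alpha{:}K_1.L_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Sigma\alpha{:}K_2.L_2$.

(a) By Lemma B.17 the inductive hypothesis applies,
(b) so $\Gamma_1 \vdash \Sigma\alpha{:}K_1.L_1 = \Sigma\alpha{:}K_2.L_2$
(c) and $\Gamma_1 \vdash p_1 = p_2 : \Sigma\alpha{:}K_1.L_1$.
(d) Thus $\Gamma_1 \vdash \pi_1 p_1 = \pi_1 p_2 : K_1$
(e) and by inversion, $\Gamma_1 \vdash K_1 = K_2$.

• Case: $\Gamma_1 \vdash \pi_2 p_1 \uparrow \{\alpha \mapsto \pi_1 p_1\}L_1 \leftrightarrow \Gamma_2 \vdash \pi_2 p_2 \uparrow \{\alpha \mapsto \pi_1 p_2\}L_2$ because $\Gamma_1 \vdash p_1 \uparrow \Sigma\alpha{:}K_1.L_1 \leftrightarrow \Gamma_2 \vdash p_2 \uparrow \Sigma\alpha{:}K_2.L_2$.

(a) By Lemma B.17 the inductive hypothesis applies,
(b) so $\Gamma_1 \vdash \Sigma\alpha{:}K_1.L_1 = \Sigma\alpha{:}K_2.L_2$
(c) and $\Gamma_1 \vdash p_1 = p_2 : \Sigma\alpha{:}K_1.L_1$.
(d) Thus $\Gamma_1 \vdash \pi_2 p_1 = \pi_2 p_2 : \{\alpha \mapsto \pi_1 p_1\}L_1$.
(e) $\Gamma_1 \vdash \pi_1 p_1 = \pi_1 p_2 : K_1$
(f) So by Lemma B.11, $\Gamma_1 \vdash \{\alpha \mapsto \pi_1 p_1\}L_1 = \{\alpha \mapsto \pi_1 p_2\}L_2$

■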

A  key  aspect  of  this  algorithm  is  that  it  can  easily  be  shown  to  obey  symmetry  and  transitivity  properties 
necessary  for  the  decidability  proof.  It  is  for  this  purpose  that  the  algorithm  maintains  two  contexts  and 
two  classifiers.  (Section  5  shows  that  this  redundancy  can  be  eliminated  in  an  actual  implementation.) 

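Lemma 3.8 (Algorithmic PER Properties)

1. If $\Delta_1 \vdash A_1 : K_1 \Leftrightarrow \Delta_2 \vdash A_2 : K_2$ then $\Delta_2 \vdash A_2 : K_2 \Leftrightarrow \Delta_1 \vdash A_1 : K_1$.

2. If $\Delta_1 \vdash A_1 : K_1 \Leftrightarrow \Delta_2 \vdash A_2 : K_2$ and $\Delta_2 \vdash A_2 : K_2 \Leftrightarrow \Delta_3 \vdash A_3 : K_3$ then $\Delta_1 \vdash A_1 : K_1 \Leftrightarrow \Delta_3 \vdash A_3 : K_3$.

3. If $\Delta_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Delta_2 \vdash A_2 \uparrow K_2$ then $\Delta_2 \vdash A_2 \uparrow K_2 \leftrightarrow \Delta_1 \vdash A_1 \uparrow K_1$.

4. If $\Delta_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Delta_2 \vdash A_2 \uparrow K_2$ and $\Delta_2 \vdash A_2 \uparrow K_2 \leftrightarrow \Delta_3 \vdash A_3 \uparrow K_3$ then $\Delta_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Delta_3 \vdash A_3 \uparrow K_3$.

5. If $\Delta_1 \vdash K_1 \Leftrightarrow \Delta_2 \vdash K_2$ then $\Delta_2 \vdash K_2 \Leftrightarrow \Delta_1 \vdash K_1$.

6. If $\Delta_1 \vdash K_1 \Leftrightarrow \Delta_2 \vdash K_2$ and $\Delta_2 \vdash K_2 \Leftrightarrow \Delta_3 \vdash K_3$ then $\Delta_1 \vdash K_1 \Leftrightarrow \Delta_3 \vdash K_3$.

Proof Sketch: By induction on execution of the algorithm.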


4  Completeness  and  Termination 

To  show  the  completeness  and  termination  for  the  algorithm  we  define  a  collection  of  Kripke-style  logical 
relations,  shown  in  Figures  5,  6,  and  7.  The  strategy  for  proving  completeness  of  the  algorithm  is  to  define  the 
logical  relations,  show  that  logically-related  constructors  are  related  by  the  algorithm,  and  finally  show  that 
provably-equivalent  constructors  are  logically  related.  Using  completeness  we  can  then  show  the  algorithm 
terminates  for  all  well-formed  inputs. 

We use the notation $\Delta$ to denote a Kripke world. Worlds are restricted to contexts containing no duplicate bound variables; the partial order $\preceq$ on worlds is simply the prefix ordering.

The logical kind validity relation $(\Delta; K)$ valid is indexed by the world $\Delta$ and is well-defined by induction on the size of kinds. Similarly, the logical constructor validity relation $(\Delta; A; K)$ valid is indexed by a $\Delta$ and defined by induction on the size of $K$, which must itself be logically valid.

In addition to validity relations, we have logically-defined binary equivalence relations between (logically valid) types and terms. The unusual part of these relations is that rather than being a binary relation indexed by a world, they are relations between two kinds or constructors which have been determined to be logically valid under potentially different worlds. Thus the form of the equivalence of kinds is $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ and the form of the equivalence on constructors is $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$. With this modification, the logical relations are otherwise defined in a reasonably familiar manner. At the base and singleton kinds we impose the algorithmic equivalence as the definition of the logical relation. At higher kinds we use a Kripke-style logical relations interpretation of $\Pi$ and $\Sigma$.

With these definitions in hand we construct some derived relations. The relation $(\Delta_1; K_1 \le L_1)$ is $(\Delta_2; K_2 \le L_2)$ is defined to satisfy the following “subsumption-like” behavior:

$$\frac{(\Delta_1; A_1; K_1) \text{ is } (\Delta_2; A_2; K_2) \qquad (\Delta_1; K_1 \le L_1) \text{ is } (\Delta_2; K_2 \le L_2)}{(\Delta_1; A_1; L_1) \text{ is } (\Delta_2; A_2; L_2)}$$

Finally,  we  have  validity  and  equivalence  relations  on  environments  (substitutions  mapping  variables  to 
constructors)  which  are  defined  by  pointwise  validity  and  pointwise  equivalence. 

We  first  give  some  basic  properties  of  the  algorithm  and  logical  relations. 

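Lemma 4.1 (Weakening)

1. If $\Gamma, \Gamma'' \vdash A \leadsto B$ and $\mathrm{dom}(\Gamma') \cap \mathrm{dom}(\Gamma, \Gamma'') = \emptyset$ then $\Gamma, \Gamma', \Gamma'' \vdash A \leadsto B$.

2. If $\Gamma, \Gamma'' \vdash A \Downarrow p$ and $\mathrm{dom}(\Gamma') \cap \mathrm{dom}(\Gamma, \Gamma'') = \emptyset$ then $\Gamma, \Gamma', \Gamma'' \vdash A \Downarrow p$.

3. If $\Gamma, \Gamma'' \vdash A \uparrow K$ and $\mathrm{dom}(\Gamma') \cap \mathrm{dom}(\Gamma, \Gamma'') = \emptyset$ then $\Gamma, \Gamma', \Gamma'' \vdash A \uparrow K$.

4. If $\Gamma_1, \Gamma_1'' \vdash A_1 : K_1 \Leftrightarrow \Gamma_2, \Gamma_2'' \vdash A_2 : K_2$, $\mathrm{dom}(\Gamma_1') \cap \mathrm{dom}(\Gamma_1, \Gamma_1'') = \emptyset$, and $\mathrm{dom}(\Gamma_2') \cap \mathrm{dom}(\Gamma_2, \Gamma_2'') = \emptyset$ then $\Gamma_1, \Gamma_1', \Gamma_1'' \vdash A_1 : K_1 \Leftrightarrow \Gamma_2, \Gamma_2', \Gamma_2'' \vdash A_2 : K_2$.

5. If $\Gamma_1, \Gamma_1'' \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2, \Gamma_2'' \vdash A_2 \uparrow K_2$, $\mathrm{dom}(\Gamma_1') \cap \mathrm{dom}(\Gamma_1, \Gamma_1'') = \emptyset$, and $\mathrm{dom}(\Gamma_2') \cap \mathrm{dom}(\Gamma_2, \Gamma_2'') = \emptyset$ then $\Gamma_1, \Gamma_1', \Gamma_1'' \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2, \Gamma_2', \Gamma_2'' \vdash A_2 \uparrow K_2$.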
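• $(\Delta_1; K_1)$ valid iff

1. – $K_1 = T$
   – Or, $K_1 = S(A_1)$ and $(\Delta_1; A_1; T)$ valid
   – Or, $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $(\Delta_1; K_1')$ valid and $\forall \Delta_1' \succeq \Delta_1, \Delta_1'' \succeq \Delta_1$ if $(\Delta_1'; A_1; K_1')$ is $(\Delta_1''; A_2; K_1')$ then $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_1''; \{\alpha \mapsto A_2\}K_1'')$
   – Or, $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $(\Delta_1; K_1')$ valid and $\forall \Delta_1' \succeq \Delta_1, \Delta_1'' \succeq \Delta_1$ if $(\Delta_1'; A_1; K_1')$ is $(\Delta_1''; A_2; K_1')$ then $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_1''; \{\alpha \mapsto A_2\}K_1'')$

• $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ iff

1. $(\Delta_1; K_1)$ valid and $(\Delta_2; K_2)$ valid.
2. And,
   – $K_1 = T$ and $K_2 = T$
   – Or, $K_1 = S(A_1)$ and $K_2 = S(A_2)$ and $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$
   – Or, $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$ and $(\Delta_1; K_1')$ is $(\Delta_2; K_2')$ and $\forall \Delta_1' \succeq \Delta_1, \Delta_2' \succeq \Delta_2$ if $(\Delta_1'; A_1; K_1')$ is $(\Delta_2'; A_2; K_2')$ then $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$
   – Or, $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$ and $(\Delta_1; K_1')$ is $(\Delta_2; K_2')$ and $\forall \Delta_1' \succeq \Delta_1, \Delta_2' \succeq \Delta_2$ if $(\Delta_1'; A_1; K_1')$ is $(\Delta_2'; A_2; K_2')$ then $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$

• $(\Delta_1; K_1 \le L_1)$ is $(\Delta_2; K_2 \le L_2)$ iff

1. $\forall \Delta_1' \succeq \Delta_1, \Delta_2' \succeq \Delta_2$ if $(\Delta_1'; A_1; K_1)$ is $(\Delta_2'; A_2; K_2)$ then $(\Delta_1'; A_1; L_1)$ is $(\Delta_2'; A_2; L_2)$.

Figure 5: Logical Relations on Kinds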


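• $(\Delta; A; K_1)$ valid iff

1. $(\Delta; K_1)$ valid
2. And,
   – $K_1 = T$ and $\Delta \vdash A : T \Leftrightarrow \Delta \vdash A : T$.
   – Or, $K_1 = S(B)$ and $(\Delta; A; T)$ is $(\Delta; B; T)$.
   – Or, $K_1 = \Pi\alpha{:}K.L$, and $\forall \Delta' \succeq \Delta, \Delta'' \succeq \Delta$ if $(\Delta'; B'; K)$ is $(\Delta''; B''; K)$ then $(\Delta'; AB'; \{\alpha \mapsto B'\}L)$ is $(\Delta''; AB''; \{\alpha \mapsto B''\}L)$.
   – Or, $K_1 = \Sigma\alpha{:}K.L$, $(\Delta; \pi_1 A; K)$ valid and $(\Delta; \pi_2 A; \{\alpha \mapsto \pi_1 A\}L)$ valid

• $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$ iff

1. $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$
2. And, $(\Delta_1; A_1; K_1)$ valid and $(\Delta_2; A_2; K_2)$ valid
3. And,
   – $K_1 = K_2 = T$ and $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.
   – Or, $K_1 = S(B_1)$, $K_2 = S(B_2)$, and $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$
   – Or, $K_1 = \Pi\alpha{:}K_1'.K_1''$, $K_2 = \Pi\alpha{:}K_2'.K_2''$, and $\forall \Delta_1' \succeq \Delta_1, \Delta_2' \succeq \Delta_2$ if $(\Delta_1'; B_1; K_1')$ is $(\Delta_2'; B_2; K_2')$ then $(\Delta_1'; A_1 B_1; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; A_2 B_2; \{\alpha \mapsto B_2\}K_2'')$.
   – Or, $K_1 = \Sigma\alpha{:}K_1'.K_1''$, $K_2 = \Sigma\alpha{:}K_2'.K_2''$, $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$ and $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$

Figure 6: Logical Relations on Constructors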
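• $(\Delta; \gamma; \Gamma)$ valid iff

1. $\forall \alpha \in \mathrm{dom}(\Gamma)$. $(\Delta; \gamma\alpha; \gamma(\Gamma(\alpha)))$ valid.

• $(\Delta_1; \gamma_1; \Gamma_1)$ is $(\Delta_2; \gamma_2; \Gamma_2)$ iff

1. $(\Delta_1; \gamma_1; \Gamma_1)$ valid and $(\Delta_2; \gamma_2; \Gamma_2)$ valid
2. And, $\forall \alpha \in \mathrm{dom}(\Gamma_1) = \mathrm{dom}(\Gamma_2)$. $(\Delta_1; \gamma_1\alpha; \gamma_1(\Gamma_1\alpha))$ is $(\Delta_2; \gamma_2\alpha; \gamma_2(\Gamma_2\alpha))$.

Figure 7: Logical Relations on Substitutions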


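6. If $\Gamma_1, \Gamma_1'' \vdash K_1 \Leftrightarrow \Gamma_2, \Gamma_2'' \vdash K_2$, $\mathrm{dom}(\Gamma_1') \cap \mathrm{dom}(\Gamma_1, \Gamma_1'') = \emptyset$, and $\mathrm{dom}(\Gamma_2') \cap \mathrm{dom}(\Gamma_2, \Gamma_2'') = \emptyset$ then $\Gamma_1, \Gamma_1', \Gamma_1'' \vdash K_1 \Leftrightarrow \Gamma_2, \Gamma_2', \Gamma_2'' \vdash K_2$.

Lemma 4.2 (Monotonicity)

1. If $(\Delta_1; K_1)$ valid and $\Delta_1' \succeq \Delta_1$ then $(\Delta_1'; K_1)$ valid.

2. If $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$, and then $(\Delta_1'; K_1)$ is $(\Delta_2'; K_2)$.

3. If $(\Delta_1; K_1 \le L_1)$ is $(\Delta_2; K_2 \le L_2)$, $\Delta_1' \succeq \Delta_1$, and $\Delta_2' \succeq \Delta_2$ then $(\Delta_1'; K_1 \le L_1)$ is $(\Delta_2'; K_2 \le L_2)$.

4. If $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$, $\Delta_1' \succeq \Delta_1$, and $\Delta_2' \succeq \Delta_2$ then $(\Delta_1'; A_1; K_1)$ is $(\Delta_2'; A_2; K_2)$.

5. If $(\Delta_1; A_1; K_1)$ valid and $\Delta_1' \succeq \Delta_1$ then $(\Delta_1'; A_1; K_1)$ valid.

6. If $(\Delta_1; \gamma_1; \Gamma_1)$ is $(\Delta_2; \gamma_2; \Gamma_2)$, $\Delta_1' \succeq \Delta_1$, and $\Delta_2' \succeq \Delta_2$ then $(\Delta_1'; \gamma_1; \Gamma_1)$ is $(\Delta_2'; \gamma_2; \Gamma_2)$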

We  next  give  a  technical  lemma  which  shows  that  logical  equivalence  of  kinds  is  enough  to  get  logical 
subkinding. 

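Lemma 4.3

If $(\Delta_1; L_1)$ is $(\Delta_2; L_2)$, $(\Delta_1; K_1)$ is $(\Delta_1; L_1)$, and $(\Delta_2; K_2)$ is $(\Delta_2; L_2)$ then $(\Delta_1; K_1 \le L_1)$ is $(\Delta_2; K_2 \le L_2)$.

Proof: Assume $(\Delta_1; L_1)$ is $(\Delta_2; L_2)$, $(\Delta_1; K_1)$ is $(\Delta_1; L_1)$, and $(\Delta_2; K_2)$ is $(\Delta_2; L_2)$.

Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$ and assume $(\Delta_1'; A_1; K_1)$ is $(\Delta_2'; A_2; K_2)$. Then $(\Delta_1'; K_1)$ is $(\Delta_2'; K_2)$.

• Case $K_1 = K_2 = L_1 = L_2 = T$. $(\Delta_1'; A_1; T)$ is $(\Delta_2'; A_2; T)$ by assumption.

• Case $K_1 = S(B_1)$, $K_2 = S(B_2)$, $L_1 = S(C_1)$, and $L_2 = S(C_2)$.

1. By monotonicity, $\Delta_1' \vdash B_1 : T \Leftrightarrow \Delta_1' \vdash C_1 : T$
2. and $\Delta_2' \vdash B_2 : T \Leftrightarrow \Delta_2' \vdash C_2 : T$.
3. Similarly, $\Delta_1' \vdash A_1 : T \Leftrightarrow \Delta_1' \vdash B_1 : T$,
4. $\Delta_2' \vdash A_2 : T \Leftrightarrow \Delta_2' \vdash B_2 : T$, and
5. and $\Delta_1' \vdash A_1 : T \Leftrightarrow \Delta_2' \vdash A_2 : T$.
6. Thus by Lemma 3.8, $\Delta_1' \vdash A_1 : T \Leftrightarrow \Delta_1' \vdash C_1 : T$
7. and $\Delta_2' \vdash A_2 : T \Leftrightarrow \Delta_2' \vdash C_2 : T$.
8. Therefore $(\Delta_1'; A_1; S(C_1))$ valid,
9. $(\Delta_2'; A_2; S(C_2))$ valid,
10. and $(\Delta_1'; A_1; S(C_1))$ is $(\Delta_2'; A_2; S(C_2))$.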

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$, $K_2 = \Pi\alpha{:}K_2'.K_2''$, $L_1 = \Pi\alpha{:}L_1'.L_1''$, and $L_2 = \Pi\alpha{:}L_2'.L_2''$.

1. Let $(\Delta_1'', \Delta_2'') \succeq (\Delta_1', \Delta_2')$ and assume $(\Delta_1''; B_1; L_1')$ is $(\Delta_2''; B_2; L_2')$.

2. By monotonicity, $(\Delta_1''; K_1')$ is $(\Delta_2''; K_2')$,

3. $(\Delta_1''; L_1')$ is

4. $(\Delta_1''; K_1')$ is $(\Delta_1''; L_1')$, and

5. is $(\Delta_2''; L_2')$.

6.  By  the  inductive  hypothesis,  (A";  Li  <  K[)  is  (A^^  L2  <  L"^),  (Ai';Li  <  Aj)  is  (Ai;Li  <  Li),  and 
(A^';L^<A^^)  is  (A^';L^<L^). 

7.  Thus  (Ai';Bi;A‘i)  is  (A^'; B2;  AT^). 

8.  Since  (Ai^;jBi;Li)  is  (Ai';Bi;Li)  and  (A2;B2;L2)  is  (A2^B2;L2), 

9.  we  have  (A" ;  Bi ;  K[)  is  (A";  Bi ;  Li ), 

10.  and  (A^';B2;/<-0  is  (A^';B2;L^). 

11.  So,  (A";  ^iBi;  {aH-Bi}A"{')  is  (A^^ -^2^2 ;{«•-)' B2}A"20? 

12.  {Ai]{a\-)-Bi}Ki)  is  (A";  {aH->-Bi}Li'), 

13.  (Ai^;  {ai->-Bi}Li^)  is  (A2  ;{«*->•  B2}L2)7 

14.  and  (A2 ;  {cvi->B2}A^20  is  (A2 ;  {ai-)-B2}L2 ). 

15.  By  the  inductive  hypothesis,  (Ai^;  }A^{^  <  {Q'i-4Bi}Li^)  is  (A2  ;  {«H-B2}A2  <  {a'H^B2}L2). 

16.  Thus  (Ai';^iBi;{aH^Bi}LiO  is  (A^'; ^2^2; {ai^B2}L^0- 

17.  Therefore  (Ai;  ; Ha :Li. Li')  is  (A2; -A2; na:L2.L2 )• 

•  Case:  Ki  =  ^a:K[.K[\  K2  =  •,  Li  =  EQ':Li.Li',  and  L2  =  Ea:L2.L2. 

1.  (Ai;7ri^i;Ar;)  is  (A^; 7riA2; AT^): 

2.  Also,  (Ai;i^0  is  (Ai;/^^), 

3.  (Ai;Li)  is  (A^,L^), 

4.  {A[;F<[)  is  (Ai;Li), 

5.  and(Ai;/^^)  is  (A^;L^). 

6.  By  the  inductive  hypothesis,  (Ai;  ATi  <  Li)  is  (A2;  A"2  <  L2), 

7.  so  (Ai;7riAi;Li)  is  (A2; tti A2; L2). 

8.  By  similar  considerations,  (Ai ;  {ai-*47riAi}Ari')  is  (Ai ;  {a»-)^7ri Ai}Li'), 

9.  {A2;  {Q'i-^7r2A2}A"20  is  (A2;  {o'i->-7riA2}Li'), 

10.  and  (Ai;  {at-^TTi  Ai}Li')  is  (A2;  A2}L2). 

11.  By  the  inductive  hypothesis, 

(Ai;  {aH>7riAi}A""  <  {Q'i-)-7ri  Ai}Li')  is  (A2;  {an-^TTi  A2}A"2^  <  {ai-47ri  A2}L2 ). 

12.  Since  (Ai ;  ;r2Ai;  {ah-)'7ri Ai}A"i')  is  (A2;  7r2A2;  {an^TTi A2}A"20> 

13.  we  have  (Ai;  772^1;  {ai-^TTiAi} Li')  is  (A2;  7r2A2  ;{«•-)■  7riA2}L2'). 

14.  Therefore  (Ai;  Ai;  Ea:Li. Li')  is  (A2;  A2; EaiL^.L^' ). 

■ 

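An easy corollary of this lemma may be visualized as the following rule:

$$\frac{(\Delta_1; A_1; K_1) \text{ is } (\Delta_2; A_2; K_2) \qquad \begin{array}{ccc} (\Delta_1; K_1) & \text{is} & (\Delta_2; K_2) \\ \text{is} & & \text{is} \\ (\Delta_1; L_1) & \text{is} & (\Delta_2; L_2) \end{array}}{(\Delta_1; A_1; L_1) \text{ is } (\Delta_2; A_2; L_2)}$$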

The  logical  relations  obey  reflexivity,  symmetry,  and  transitivity  properties.  The  logical  relations  were 
carefully  defined  so  that  the  following  property  holds: 

Lemma 4.4 (Reflexivity)

1. $(\Delta; K)$ valid if and only if $(\Delta; K)$ is $(\Delta; K)$,

2. $(\Delta; A; K)$ valid if and only if $(\Delta; A; K)$ is $(\Delta; A; K)$,

3. $(\Delta; \gamma; \Gamma)$ valid if and only if $(\Delta; \gamma; \Gamma)$ is $(\Delta; \gamma; \Gamma)$.

Proof: The “if” direction is immediate from the definitions of the logical relations, so we only show the “only if” direction.

1.  By  induction  on  the  size  of  K.  Assume  (A; /f)  valid. 

•  Case:  K  =  T.  Follows  by  definition  of  (A;T)  is  (A;T). 

•  Case:  K  =:  S{B). 

(a)  (A;B;T)valid, 

(b)  A\-  B  :T  ^  Ah  B  :T. 

(c)  Then  (A;  B;T)  valid 

(d)  and  (A;B;T)  is  (A;B;T). 

(e)  Therefore  (A;  5(B))  is  (A;  5(B)). 

•  Case:  K  = 

(a)  By  (A;  valid  we  have  (A;  K')  valid. 

(b)  By  the  inductive  hypothesis,  (A; /f')  is  (A;  AT'). 

(c)  Let  (A',A'0  h  (A,  A) 

(d)  and  assume  (A';Ai;/C)  is  (A";A2;/0- 

(e)  By  (A;na:fr'.fC')valid  we  have  (A';{ai->Ai}/C")  is  {A”;{a\-^A2}K”). 

(f)  Therefore  (A;  is  (A;  na:A"'.ff"). 

•  Case:  K  =  Ea:K'.K”. 

Same proof as for $\Pi$ case.

2.  By  induction  on  the  size  of  A.  Assume  (A;  A;  A)  valid.  Then  (A;  A)  valid  so  that  by  Part  1, 

(A;  A)  is  (A;  A). 

•  Case:  A  =  T. 

(a) $(\Delta; A; T)$ valid implies $\Delta \vdash A : T \Leftrightarrow \Delta \vdash A : T$,

(b)  Therefore,  (A;A;T)  is  (A;A;T). 

•  Case:  A  =  5(B). 

(a)  (A;  A;  5(B))  valid  implies  AI-A:T«^:^AI-B:T'. 

(b)  By  Lemma  3.8,  A  \-  A  :  T  ^  A  h  A  :  T, 

(c)  so  (A;  A;  T)  valid 

(d)  and  (A;A;T)  is  (A;A;T). 

(e)  Therefore  (A;  A;  5(B))  is  (A;  A;  5(B)). 

•  Case:  A  =  na:A'. A". 

(a)  Let  (A',  A")  ^  (A,  A) 

(b)  and  assume  (A';Bi;A')  is  (A'';B2;A'). 

(c)  Then  (A';ABx;{aH>Bi}A'0  is  (A";  AB2;  {ah^B2}A^0- 

(d)  Therefore  (A;  A;  Ha: A'. A")  is  (A;  A;  na:A'./f "). 

•  Case:  A  =  Ea:A'. A". 

(a)  Then  (A;  TTi  A;  A')  valid 

(b)  and  (A;  ;r2A;  {ai-)-7ri  A}A")  valid. 

(c)  By  the  inductive  hypothesis,  (A;7riA;A')  is  (A;7riA;A') 

(d)  and  (A;7r2A;{ai-)-7riA}A")  is  (A;  7r2A;  {a)-)-7riA}/f "). 

(e)  Therefore  (A;  A;  Ea:A^/f")  is  (A;  A;  Ea:A',A"). 

3.  (a)  Assume  (A;  7;  F)  valid. 

(b) Let $x \in \mathrm{dom}(\Gamma)$ be given.

(c) Then $(\Delta; \gamma x; \gamma(\Gamma x))$ valid.

(d) By Lemma 4.4, $(\Delta; \gamma x; \gamma(\Gamma x))$ is $(\Delta; \gamma x; \gamma(\Gamma x))$.

(e) Therefore $(\Delta; \gamma; \Gamma)$ is $(\Delta; \gamma; \Gamma)$.

■ 

Symmetry is straightforward and exactly analogous to the symmetry properties of the algorithmic relations.

Lemma  4.5  (Symmetry) 

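1. If $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ then $(\Delta_2; K_2)$ is $(\Delta_1; K_1)$.

2. If $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$ then $(\Delta_2; A_2; K_2)$ is $(\Delta_1; A_1; K_1)$.

3. If $(\Delta_1; \gamma_1; \Gamma_1)$ is $(\Delta_2; \gamma_2; \Gamma_2)$ then $(\Delta_2; \gamma_2; \Gamma_2)$ is $(\Delta_1; \gamma_1; \Gamma_1)$.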

Proof: 

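1. Assume $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$. Then $(\Delta_1; K_1)$ valid and $(\Delta_2; K_2)$ valid.

• Case: $K_1 = K_2 = T$. Trivial.

• Case: $K_1 = S(A_1)$ and $K_2 = S(A_2)$.

(a) $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$.

(b) Inductively by Part 2, $(\Delta_2; A_2; T)$ is $(\Delta_1; A_1; T)$.

(c) Therefore $(\Delta_2; S(A_2))$ is $(\Delta_1; S(A_1))$.

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

(a) $(\Delta_1; K_1')$ is $(\Delta_2; K_2')$ by $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$.

(b) By induction, $(\Delta_2; K_2')$ is $(\Delta_1; K_1')$.

(c) Let $(\Delta_2', \Delta_1') \succeq (\Delta_2, \Delta_1)$ and assume $(\Delta_2'; A_2; K_2')$ is $(\Delta_1'; A_1; K_1')$.

(d) Inductively by Part 2, $(\Delta_1'; A_1; K_1')$ is $(\Delta_2'; A_2; K_2')$.

(e) By $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ again, $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$.

(f) By the inductive hypothesis again, $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$ is $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$.

(g) Therefore, $(\Delta_2; \Pi\alpha{:}K_2'.K_2'')$ is $(\Delta_1; \Pi\alpha{:}K_1'.K_1'')$.

• Case: $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$. Same proof as for $\Pi$ types.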

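2. Assume $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$. Then $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$, $(\Delta_1; A_1; K_1)$ valid, and $(\Delta_2; A_2; K_2)$ valid.

By Part 1, $(\Delta_2; K_2)$ is $(\Delta_1; K_1)$.

• Case $K_1 = K_2 = T$.

(a) $\Delta_1 \vdash A_1 : K_1 \Leftrightarrow \Delta_2 \vdash A_2 : K_2$

(b) By Lemma 3.8, $\Delta_2 \vdash A_2 : K_2 \Leftrightarrow \Delta_1 \vdash A_1 : K_1$.

(c) Therefore $(\Delta_2; A_2; T)$ is $(\Delta_1; A_1; T)$.

• Case $K_1 = S(B_1)$ and $K_2 = S(B_2)$.

(a) $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$.

(b) By the inductive hypothesis, $(\Delta_2; A_2; T)$ is $(\Delta_1; A_1; T)$.

(c) Therefore $(\Delta_2; A_2; S(B_1))$ is $(\Delta_1; A_1; S(B_2))$.

• Case $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

(a) Let $(\Delta_2', \Delta_1') \succeq (\Delta_2, \Delta_1)$

(b) and assume $(\Delta_2'; B_2; K_2')$ is $(\Delta_1'; B_1; K_1')$.

(c) By the inductive hypothesis, $(\Delta_1'; B_1; K_1')$ is $(\Delta_2'; B_2; K_2')$.

(d) Thus $(\Delta_1'; A_1 B_1; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; A_2 B_2; \{\alpha \mapsto B_2\}K_2'')$.

(e) By the inductive hypothesis, $(\Delta_2'; A_2 B_2; \{\alpha \mapsto B_2\}K_2'')$ is $(\Delta_1'; A_1 B_1; \{\alpha \mapsto B_1\}K_1'')$.

(f) Therefore $(\Delta_2; A_2; \Pi\alpha{:}K_2'.K_2'')$ is $(\Delta_1; A_1; \Pi\alpha{:}K_1'.K_1'')$.

• Case $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$.

(a) Then $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$

(b) and $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$.

(c) By the inductive hypothesis, $(\Delta_2; \pi_1 A_2; K_2')$ is $(\Delta_1; \pi_1 A_1; K_1')$

(d) and $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$ is $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$.

(e) Therefore $(\Delta_2; A_2; \Sigma\alpha{:}K_2'.K_2'')$ is $(\Delta_1; A_1; \Sigma\alpha{:}K_1'.K_1'')$.

3. (a) Assume $(\Delta_1; \gamma_1; \Gamma_1)$ is $(\Delta_2; \gamma_2; \Gamma_2)$. Then $(\Delta_1; \gamma_1; \Gamma_1)$ valid and $(\Delta_2; \gamma_2; \Gamma_2)$ valid.

(b) Let $x \in \mathrm{dom}(\Gamma_2)$ be given.

(c) Then $x \in \mathrm{dom}(\Gamma_1)$.

(d) Then $(\Delta_1; \gamma_1 x; \gamma_1(\Gamma_1 x))$ is $(\Delta_2; \gamma_2 x; \gamma_2(\Gamma_2 x))$.

(e) By Part 2, $(\Delta_2; \gamma_2 x; \gamma_2(\Gamma_2 x))$ is $(\Delta_1; \gamma_1 x; \gamma_1(\Gamma_1 x))$.

(f) Therefore $(\Delta_2; \gamma_2; \Gamma_2)$ is $(\Delta_1; \gamma_1; \Gamma_1)$.

■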

In  contrast,  the  logical  relation  cannot  be  easily  shown  to  obey  the  same  transitivity  property  as  the 
algorithm;  it  does  hold  at  the  base  kind  but  does  not  lift  to  function  kinds.  We  therefore  prove  a  slightly 
weaker  property,  which  is  nevertheless  what  we  need  for  the  remainder  of  the  proof.  The  key  difference  is 
that the transitivity property for the algorithm involves three contexts/worlds whereas the following lemma
only  involves  two. 

Lemma  4.6  (Transitivity) 

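1. If $(\Delta_1; K_1)$ is $(\Delta_1; L_1)$ and $(\Delta_1; L_1)$ is $(\Delta_2; K_2)$ then $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$.

2. If $(\Delta_1; A_1; K_1)$ is $(\Delta_1; B_1; L_1)$ and $(\Delta_1; B_1; L_1)$ is $(\Delta_2; A_2; K_2)$ then $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$.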

Proof: 

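1. Assume $(\Delta_1; K_1)$ is $(\Delta_1; L_1)$ and $(\Delta_1; L_1)$ is $(\Delta_2; K_2)$. First, $(\Delta_1; K_1)$ valid and $(\Delta_2; K_2)$ valid.

• Case: $K_1 = L_1 = K_2 = T$.

$(\Delta_1; T)$ is $(\Delta_2; T)$ always.

• Case: $K_1 = S(A_1)$, $L_1 = S(B_1)$, and $K_2 = S(A_2)$.

(a) Then $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_1 \vdash B_1 : T$

(b) and $\Delta_1 \vdash B_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

(c) By Lemma 3.8, $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

(d) Therefore $(\Delta_1; S(A_1))$ is $(\Delta_2; S(A_2))$.

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$, $L_1 = \Pi\alpha{:}L_1'.L_1''$, and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

(a) $(\Delta_1; K_1')$ is $(\Delta_1; L_1')$ and $(\Delta_1; L_1')$ is $(\Delta_2; K_2')$.

(b) By induction, $(\Delta_1; K_1')$ is $(\Delta_2; K_2')$.

(c) Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$

(d) and assume $(\Delta_1'; A_1; K_1')$ is $(\Delta_2'; A_2; K_2')$.

(e) By Lemma 4.4, $(\Delta_1; K_1')$ is $(\Delta_1; K_1')$.

(f) By monotonicity and Lemma 4.3, $(\Delta_1'; K_1' \leq K_1')$ is $(\Delta_1'; K_1' \leq L_1')$.

(g) Since $(\Delta_1'; A_1; K_1')$ is $(\Delta_1'; A_1; K_1')$,

(h) we have $(\Delta_1'; A_1; K_1')$ is $(\Delta_1'; A_1; L_1')$.

(i) Thus $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_1'; \{\alpha \mapsto A_1\}L_1'')$.

(j) Similarly, $(\Delta_1'; K_1' \leq L_1')$ is $(\Delta_2'; K_2' \leq K_2')$.

(k) Then $(\Delta_1'; A_1; L_1')$ is $(\Delta_2'; A_2; K_2')$.

(l) So, $(\Delta_1'; \{\alpha \mapsto A_1\}L_1'')$ is $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$.

(m) By induction, $(\Delta_1'; \{\alpha \mapsto A_1\}K_1'')$ is $(\Delta_2'; \{\alpha \mapsto A_2\}K_2'')$.

(n) Therefore $(\Delta_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; \Pi\alpha{:}K_2'.K_2'')$.

• Case: $K_1 = \Sigma\alpha{:}K_1'.K_1''$, $L_1 = \Sigma\alpha{:}L_1'.L_1''$, and $K_2 = \Sigma\alpha{:}K_2'.K_2''$.

Same proof as for $\Pi$ types.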

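2. Assume $(\Delta_1; A_1; K_1)$ is $(\Delta_1; B_1; L_1)$ and $(\Delta_1; B_1; L_1)$ is $(\Delta_2; A_2; K_2)$. Then $(\Delta_1; A_1; K_1)$ valid, $(\Delta_2; A_2; K_2)$ valid, $(\Delta_1; K_1)$ is $(\Delta_1; L_1)$, and $(\Delta_1; L_1)$ is $(\Delta_2; K_2)$. By Part 1, $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$.

• Case: $K_1 = L_1 = K_2 = T$.

(a) $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_1 \vdash B_1 : T$

(b) and $\Delta_1 \vdash B_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

(c) By Lemma 3.8, $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

(d) Therefore $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$.

• Case: $K_1 = S(A_1')$, $L_1 = S(B_1')$, and $K_2 = S(A_2')$.

(a) $(\Delta_1; A_1; T)$ is $(\Delta_1; B_1; T)$

(b) and $(\Delta_1; B_1; T)$ is $(\Delta_2; A_2; T)$.

(c) By the inductive hypothesis, $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$.

(d) Therefore $(\Delta_1; A_1; S(A_1'))$ is $(\Delta_2; A_2; S(A_2'))$.

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$, $L_1 = \Pi\alpha{:}L_1'.L_1''$, and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

(a) Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$

(b) and assume $(\Delta_1'; A_1'; K_1')$ is $(\Delta_2'; A_2'; K_2')$.

(c) Then by monotonicity $(\Delta_1'; K_1)$ is $(\Delta_1'; L_1)$ and $(\Delta_1'; L_1)$ is $(\Delta_2'; K_2)$.

(d) By Lemma 4.3, $(\Delta_1'; K_1' \leq K_1')$ is $(\Delta_1'; K_1' \leq L_1')$.

(e) By Part 2, $(\Delta_1'; A_1'; K_1')$ is $(\Delta_1'; A_1'; K_1')$,

(f) so $(\Delta_1'; A_1'; K_1')$ is $(\Delta_1'; A_1'; L_1')$.

(g) Thus $(\Delta_1'; A_1 A_1'; \{\alpha \mapsto A_1'\}K_1'')$ is $(\Delta_1'; B_1 A_1'; \{\alpha \mapsto A_1'\}L_1'')$.

(h) Similarly, $(\Delta_1'; K_1' \leq L_1')$ is $(\Delta_2'; K_2' \leq K_2')$,

(i) so $(\Delta_1'; A_1'; L_1')$ is $(\Delta_2'; A_2'; K_2')$.

(j) Thus, $(\Delta_1'; B_1 A_1'; \{\alpha \mapsto A_1'\}L_1'')$ is $(\Delta_2'; A_2 A_2'; \{\alpha \mapsto A_2'\}K_2'')$.

(k) By the inductive hypothesis, $(\Delta_1'; A_1 A_1'; \{\alpha \mapsto A_1'\}K_1'')$ is $(\Delta_2'; A_2 A_2'; \{\alpha \mapsto A_2'\}K_2'')$.

(l) Therefore, $(\Delta_1; A_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2; \Pi\alpha{:}K_2'.K_2'')$.

• Case: $K_1 = \Sigma\alpha{:}K_1'.K_1''$, $L_1 = \Sigma\alpha{:}L_1'.L_1''$, and $K_2 = \Sigma\alpha{:}K_2'.K_2''$.

(a) $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_1; \pi_1 B_1; L_1')$

(b) and $(\Delta_1; \pi_1 B_1; L_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$.

(c) By the inductive hypothesis, $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$.

(d) Similarly, $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_1; \pi_2 B_1; \{\alpha \mapsto \pi_1 B_1\}L_1'')$

(e) and $(\Delta_1; \pi_2 B_1; \{\alpha \mapsto \pi_1 B_1\}L_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$.

(f) By the inductive hypothesis, $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$.

(g) Therefore, $(\Delta_1; A_1; \Sigma\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2; \Sigma\alpha{:}K_2'.K_2'')$.

■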

Because of this restricted formulation, we cannot use symmetry and transitivity to derive properties such
as “if $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ then $(\Delta_1; K_1)$ is $(\Delta_1; K_1)$”. An important purpose of the validity predicates is
to make sure that this property does in fact hold (by building it into the definition of the equivalence logical
relations).

Next we show that logical relations are closed under head expansion and reduction. Define $\Gamma \vdash A_1 \simeq A_2$
to mean that $A_1$ and $A_2$ have a common weak head reduct. The following lemma then follows by induction
on the size of kinds.

Lemma  4.7  (Weak  Head  Closure) 

1. If $\Gamma \vdash A \leadsto B$ then $\Gamma \vdash E[A] \leadsto E[B]$.

2. If $\Gamma \vdash A_1 \simeq A_2$ then $\Gamma \vdash E[A_1] \simeq E[A_2]$.

3. If $(\Delta; A; K)$ valid and $\Delta \vdash A' \simeq A$, then $(\Delta; A'; K)$ valid.

4. If $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$, $\Delta_1 \vdash A_1' \simeq A_1$, and $\Delta_2 \vdash A_2' \simeq A_2$ then $(\Delta_1; A_1'; K_1)$ is $(\Delta_2; A_2'; K_2)$.

Proof: 

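1. Obvious by definition of $\Gamma \vdash A \leadsto B$.

2. By repeated application of Part 1.

3. By induction on the size of $K$. Assume $(\Delta; A; K)$ valid and $\Delta \vdash A' \simeq A$. Note that $(\Delta; K)$ valid.

• Case: $K = T$.

(a) $\Delta \vdash A : T \Leftrightarrow \Delta \vdash A : T$.

(b) By the definition of the algorithm and determinacy of weak head reduction, $\Delta \vdash A' : T \Leftrightarrow \Delta \vdash A' : T$.

(c) Therefore $(\Delta; A'; T)$ valid.

• Case: $K = S(B)$.

(a) Then $\Delta \vdash A : T \Leftrightarrow \Delta \vdash B : T$

(b) so by the definition of the algorithm and determinacy of weak head reduction $\Delta \vdash A' : T \Leftrightarrow \Delta \vdash B : T$

(c) which yields $(\Delta; A'; S(B))$ valid.

• Case: $K = \Pi\alpha{:}K'.K''$.

(a) Let $(\Delta', \Delta'') \succeq (\Delta, \Delta)$

(b) and assume that $(\Delta'; B_1; K')$ is $(\Delta''; B_2; K')$.

(c) Then $(\Delta'; A B_1; \{\alpha \mapsto B_1\}K'')$ is $(\Delta''; A B_2; \{\alpha \mapsto B_2\}K'')$.

(d) By Part 2 and an obvious context weakening property, $\Delta' \vdash A B_1 \simeq A' B_1$

(e) and $\Delta'' \vdash A B_2 \simeq A' B_2$.

(f) By the inductive hypothesis, $(\Delta'; A' B_1; \{\alpha \mapsto B_1\}K'')$ is $(\Delta''; A' B_2; \{\alpha \mapsto B_2\}K'')$.

(g) Therefore, $(\Delta; A'; \Pi\alpha{:}K'.K'')$ valid.

• Case: $K = \Sigma\alpha{:}K'.K''$.

(a) Then $(\Delta; \pi_1 A; K')$ valid

(b) and by Part 2, $\Delta \vdash \pi_1 A' \simeq \pi_1 A$.

(c) By the inductive hypothesis, $(\Delta; \pi_1 A'; K')$ valid,

(d) and inductively by Part 4, $(\Delta; \pi_1 A; K')$ is $(\Delta; \pi_1 A'; K')$.

(e) Similarly, $(\Delta; \pi_2 A; \{\alpha \mapsto \pi_1 A\}K'')$ valid,

(f) and $\Delta \vdash \pi_2 A' \simeq \pi_2 A$,

(g) so by the inductive hypothesis again, $(\Delta; \pi_2 A'; \{\alpha \mapsto \pi_1 A\}K'')$ valid.

(h) But $(\Delta; \{\alpha \mapsto \pi_1 A\}K'')$ is $(\Delta; \{\alpha \mapsto \pi_1 A'\}K'')$,

(i) so by Reflexivity and Lemma 4.3, $(\Delta; \{\alpha \mapsto \pi_1 A\}K'' \leq \{\alpha \mapsto \pi_1 A'\}K'')$ is $(\Delta; \{\alpha \mapsto \pi_1 A\}K'' \leq \{\alpha \mapsto \pi_1 A'\}K'')$,

(j) so by Reflexivity $(\Delta; \pi_2 A'; \{\alpha \mapsto \pi_1 A'\}K'')$ valid.

(k) Therefore, $(\Delta; A'; \Sigma\alpha{:}K'.K'')$ valid.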

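4. By induction on the size of $K_1$.

Assume $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$, $\Delta_1 \vdash A_1' \simeq A_1$, and $\Delta_2 \vdash A_2' \simeq A_2$. First, note that $(\Delta_1; A_1; K_1)$ valid,
$(\Delta_2; A_2; K_2)$ valid, and $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$. By the argument in Part 3, $(\Delta_1; A_1'; K_1)$ valid and
$(\Delta_2; A_2'; K_2)$ valid.

• Case: $K_1 = K_2 = T$.

(a) $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

(b) By the definition of the algorithm, $\Delta_1 \vdash A_1' : T \Leftrightarrow \Delta_2 \vdash A_2' : T$.

(c) Therefore $(\Delta_1; A_1'; T)$ is $(\Delta_2; A_2'; T)$.

• Case: $K_1 = S(B_1)$ and $K_2 = S(B_2)$.

(a) Then $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$

(b) so $\Delta_1 \vdash A_1' : T \Leftrightarrow \Delta_2 \vdash A_2' : T$

(c) which yields $(\Delta_1; A_1'; S(B_1))$ is $(\Delta_2; A_2'; S(B_2))$.

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

(a) Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$

(b) and assume that $(\Delta_1'; B_1; K_1')$ is $(\Delta_2'; B_2; K_2')$.

(c) Then $(\Delta_1'; A_1 B_1; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; A_2 B_2; \{\alpha \mapsto B_2\}K_2'')$.

(d) By Part 2 and an obvious weakening property, $\Delta_1' \vdash A_1 B_1 \simeq A_1' B_1$

(e) and $\Delta_2' \vdash A_2 B_2 \simeq A_2' B_2$.

(f) By the inductive hypothesis $(\Delta_1'; A_1' B_1; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; A_2' B_2; \{\alpha \mapsto B_2\}K_2'')$.

(g) Therefore, $(\Delta_1; A_1'; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2'; \Pi\alpha{:}K_2'.K_2'')$.

• Case: $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$.

(a) Then $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$,

(b) $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_1; \pi_1 A_1; K_1')$,

(c) $(\Delta_2; \pi_1 A_2; K_2')$ is $(\Delta_2; \pi_1 A_2; K_2')$,

(d) and by Part 2, $\Delta_1 \vdash \pi_1 A_1' \simeq \pi_1 A_1$,

(e) and $\Delta_2 \vdash \pi_1 A_2' \simeq \pi_1 A_2$.

(f) By the inductive hypothesis, $(\Delta_1; \pi_1 A_1'; K_1')$ is $(\Delta_2; \pi_1 A_2'; K_2')$,

(g) $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_1; \pi_1 A_1'; K_1')$,

(h) and $(\Delta_2; \pi_1 A_2; K_2')$ is $(\Delta_2; \pi_1 A_2'; K_2')$.

(i) Similarly, $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$,

(j) $\Delta_1 \vdash \pi_2 A_1' \simeq \pi_2 A_1$,

(k) and $\Delta_2 \vdash \pi_2 A_2' \simeq \pi_2 A_2$.

(l) By the inductive hypothesis again, $(\Delta_1; \pi_2 A_1'; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2'; \{\alpha \mapsto \pi_1 A_2\}K_2'')$.

(m) But $(\Delta_1; K_1)$ is $(\Delta_1; K_1)$ and $(\Delta_2; K_2)$ is $(\Delta_2; K_2)$,

(n) so $(\Delta_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_1; \{\alpha \mapsto \pi_1 A_1'\}K_1'')$,

(o) $(\Delta_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$ is $(\Delta_2; \{\alpha \mapsto \pi_1 A_2'\}K_2'')$,

(p) and $(\Delta_1; \{\alpha \mapsto \pi_1 A_1'\}K_1'')$ is $(\Delta_2; \{\alpha \mapsto \pi_1 A_2'\}K_2'')$.

(q) By Lemma 4.3, $(\Delta_1; \{\alpha \mapsto \pi_1 A_1\}K_1'' \leq \{\alpha \mapsto \pi_1 A_1'\}K_1'')$ is $(\Delta_2; \{\alpha \mapsto \pi_1 A_2\}K_2'' \leq \{\alpha \mapsto \pi_1 A_2'\}K_2'')$,

(r) so $(\Delta_1; \pi_2 A_1'; \{\alpha \mapsto \pi_1 A_1'\}K_1'')$ is $(\Delta_2; \pi_2 A_2'; \{\alpha \mapsto \pi_1 A_2'\}K_2'')$.

(s) Therefore, $(\Delta_1; A_1'; \Sigma\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2'; \Sigma\alpha{:}K_2'.K_2'')$.

■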

Following  all  this  preliminary  work,  we  can  now  show  by  induction  on  the  size  of  kinds  that  equivalence 
under  the  logical  relations  implies  equivalence  under  the  algorithm.  This  requires  a  stronger  induction 
hypothesis:  that  under  suitable  conditions  variables  (and  more  generally  paths)  are  logically  valid  or  logically 
related. 

Lemma  4.8  (Main  Lemma) 

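1. If $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ then $\Delta_1 \vdash K_1 \Leftrightarrow \Delta_2 \vdash K_2$.

2. If $(\Delta_1; A_1; K_1)$ is $(\Delta_2; A_2; K_2)$ then $\Delta_1 \vdash A_1 : K_1 \Leftrightarrow \Delta_2 \vdash A_2 : K_2$.

3. If $(\Delta; K)$ valid, $\Delta \vdash p \uparrow K \leftrightarrow \Delta \vdash p \uparrow K$, then $(\Delta; p; K)$ valid.

4. If $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$ and $\Delta_1 \vdash p_1 \uparrow K_1 \leftrightarrow \Delta_2 \vdash p_2 \uparrow K_2$ then $(\Delta_1; p_1; K_1)$ is $(\Delta_2; p_2; K_2)$.

Proof: By induction on the size of the kinds involved.

For Part 4, note that in all cases $\Delta_1 \vdash p_1 \uparrow K_1 \leftrightarrow \Delta_1 \vdash p_1 \uparrow K_1$ and $\Delta_2 \vdash p_2 \uparrow K_2 \leftrightarrow \Delta_2 \vdash p_2 \uparrow K_2$ by symmetry
and transitivity of the algorithm, $(\Delta_1; K_1)$ valid, and $(\Delta_2; K_2)$ valid. Hence by Part 3, $(\Delta_1; p_1; K_1)$ valid and
$(\Delta_2; p_2; K_2)$ valid.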
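• Case: $K = K_1 = K_2 = T$.

1. $\Delta_1 \vdash T \Leftrightarrow \Delta_2 \vdash T$ by the definition of the algorithm.

2. (a) Assume $(\Delta_1; A_1; T)$ is $(\Delta_2; A_2; T)$.

(b) By the definition of this relation, $\Delta_1 \vdash A_1 : T \Leftrightarrow \Delta_2 \vdash A_2 : T$.

3. (a) Assume $(\Delta; T)$ valid and

(b) $\Delta \vdash p \uparrow T \leftrightarrow \Delta \vdash p \uparrow T$.

(c) By Lemma 3.3, $\Delta \vdash p \uparrow T$.

(d) Then $\Delta \vdash p \Downarrow p$,

(e) so $\Delta \vdash p : T \Leftrightarrow \Delta \vdash p : T$.

(f) Therefore $(\Delta; p; T)$ valid.

4. (a) Assume $\Delta_1 \vdash p_1 \uparrow T \leftrightarrow \Delta_2 \vdash p_2 \uparrow T$

(b) and $(\Delta_1; T)$ is $(\Delta_2; T)$.

(c) By Lemma 3.3, $\Delta_1 \vdash p_1 \uparrow T$ and $\Delta_2 \vdash p_2 \uparrow T$.

(d) Thus $\Delta_1 \vdash p_1 \Downarrow p_1$ and $\Delta_2 \vdash p_2 \Downarrow p_2$,

(e) so $\Delta_1 \vdash p_1 : T \Leftrightarrow \Delta_2 \vdash p_2 : T$.

(f) Therefore $(\Delta_1; p_1; T)$ is $(\Delta_2; p_2; T)$.

• Case: $K = S(B)$, $K_1 = S(B_1)$, and $K_2 = S(B_2)$.

1. (a) Assume $(\Delta_1; K_1)$ is $(\Delta_2; K_2)$.

(b) Then by definition $(\Delta_1; B_1; T)$ is $(\Delta_2; B_2; T)$,

(c) so $\Delta_1 \vdash B_1 : T \Leftrightarrow \Delta_2 \vdash B_2 : T$.

(d) Therefore, $\Delta_1 \vdash S(B_1) \Leftrightarrow \Delta_2 \vdash S(B_2)$.

2. (a) By definition, $\Delta_1 \vdash A_1 : S(B_1) \Leftrightarrow \Delta_2 \vdash A_2 : S(B_2)$ always.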

3. (a) Assume $(\Delta; S(B))$ valid,

(b) and $\Delta \vdash p \uparrow S(B) \leftrightarrow \Delta \vdash p \uparrow S(B)$.

(c) By Lemma 3.3, $\Delta \vdash p \uparrow S(B)$.

(d)  Then  Abp~^‘5soAbp:i:;5. 

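(e) By $(\Delta; S(B))$ valid, $\Delta \vdash B : T \Leftrightarrow \Delta \vdash B : T$.

(f) By the definition of the algorithm, $\Delta \vdash p : T \Leftrightarrow \Delta \vdash B : T$.

(g) Therefore $(\Delta; p; S(B))$ valid.

4. (a) Assume $(\Delta_1; S(B_1))$ is $(\Delta_2; S(B_2))$,

(b) and $\Delta_1 \vdash p_1 \uparrow S(B_1) \leftrightarrow \Delta_2 \vdash p_2 \uparrow S(B_2)$.

(c) By definition of the logical relations, $\Delta_1 \vdash B_1 : T \Leftrightarrow \Delta_2 \vdash B_2 : T$.

(d) By Lemma 3.3, $\Delta_1 \vdash p_1 \uparrow S(B_1)$ and $\Delta_2 \vdash p_2 \uparrow S(B_2)$.

(e) That is, $\Delta_1 \vdash p_1 \leadsto B_1$ and $\Delta_2 \vdash p_2 \leadsto B_2$.

(f) Hence $\Delta_1 \vdash p_1 : T \Leftrightarrow \Delta_2 \vdash p_2 : T$.

(g) Therefore $(\Delta_1; p_1; S(B_1))$ is $(\Delta_2; p_2; S(B_2))$.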

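• Case: $K = \Pi\alpha{:}K'.K''$, $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$.

1. (a) Assume $(\Delta_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; \Pi\alpha{:}K_2'.K_2'')$.

(b) Then $(\Delta_1; K_1')$ is $(\Delta_2; K_2')$.

(c) By the inductive hypothesis we have $\Delta_1 \vdash K_1' \Leftrightarrow \Delta_2 \vdash K_2'$.

(d) Now $\Delta_1, \alpha{:}K_1' \vdash \alpha \uparrow K_1' \leftrightarrow \Delta_2, \alpha{:}K_2' \vdash \alpha \uparrow K_2'$.

(e) Inductively by Part 4, $(\Delta_1, \alpha{:}K_1'; \alpha; K_1')$ is $(\Delta_2, \alpha{:}K_2'; \alpha; K_2')$.

(f) Thus $(\Delta_1, \alpha{:}K_1'; K_1'')$ is $(\Delta_2, \alpha{:}K_2'; K_2'')$.

(g) By the inductive hypothesis, $\Delta_1, \alpha{:}K_1' \vdash K_1'' \Leftrightarrow \Delta_2, \alpha{:}K_2' \vdash K_2''$.

(h) Therefore $\Delta_1 \vdash \Pi\alpha{:}K_1'.K_1'' \Leftrightarrow \Delta_2 \vdash \Pi\alpha{:}K_2'.K_2''$.

2. (a) Assume $(\Delta_1; A_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2; \Pi\alpha{:}K_2'.K_2'')$.

(b) Then $(\Delta_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; \Pi\alpha{:}K_2'.K_2'')$

(c) so as above, inductively by Part 4 we have $(\Delta_1, \alpha{:}K_1'; \alpha; K_1')$ is $(\Delta_2, \alpha{:}K_2'; \alpha; K_2')$.

(d) Then $(\Delta_1, \alpha{:}K_1'; A_1\alpha; K_1'')$ is $(\Delta_2, \alpha{:}K_2'; A_2\alpha; K_2'')$.

(e) By the inductive hypothesis again, $\Delta_1, \alpha{:}K_1' \vdash A_1\alpha : K_1'' \Leftrightarrow \Delta_2, \alpha{:}K_2' \vdash A_2\alpha : K_2''$.

(f) Therefore $\Delta_1 \vdash A_1 : \Pi\alpha{:}K_1'.K_1'' \Leftrightarrow \Delta_2 \vdash A_2 : \Pi\alpha{:}K_2'.K_2''$.

3. (a) Assume $(\Delta; K)$ valid

(b) and $\Delta \vdash p \uparrow K \leftrightarrow \Delta \vdash p \uparrow K$.

(c) Let $(\Delta', \Delta'') \succeq (\Delta, \Delta)$

(d) and assume $(\Delta'; B'; K')$ is $(\Delta''; B''; K')$.

(e) Inductively by Part 2, $\Delta' \vdash B' : K' \Leftrightarrow \Delta'' \vdash B'' : K'$.

(f) Thus using Weakening, $\Delta' \vdash pB' \uparrow \{\alpha \mapsto B'\}K'' \leftrightarrow \Delta'' \vdash pB'' \uparrow \{\alpha \mapsto B''\}K''$.

(g) By $(\Delta; K)$ valid, $(\Delta'; \{\alpha \mapsto B'\}K'')$ is $(\Delta''; \{\alpha \mapsto B''\}K'')$.

(h) Inductively by Part 4, $(\Delta'; pB'; \{\alpha \mapsto B'\}K'')$ is $(\Delta''; pB''; \{\alpha \mapsto B''\}K'')$.

(i) Therefore $(\Delta; p; \Pi\alpha{:}K'.K'')$ valid.

4. (a) Assume $(\Delta_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; \Pi\alpha{:}K_2'.K_2'')$,

(b) and $\Delta_1 \vdash p_1 \uparrow \Pi\alpha{:}K_1'.K_1'' \leftrightarrow \Delta_2 \vdash p_2 \uparrow \Pi\alpha{:}K_2'.K_2''$.

(c) Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$ and assume that $(\Delta_1'; B_1; K_1')$ is $(\Delta_2'; B_2; K_2')$.

(d) Then $(\Delta_1'; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; \{\alpha \mapsto B_2\}K_2'')$.

(e) Inductively by Part 2, $\Delta_1' \vdash B_1 : K_1' \Leftrightarrow \Delta_2' \vdash B_2 : K_2'$,

(f) and by Weakening, $\Delta_1' \vdash p_1 \uparrow \Pi\alpha{:}K_1'.K_1'' \leftrightarrow \Delta_2' \vdash p_2 \uparrow \Pi\alpha{:}K_2'.K_2''$

(g) so we have $\Delta_1' \vdash p_1 B_1 \uparrow \{\alpha \mapsto B_1\}K_1'' \leftrightarrow \Delta_2' \vdash p_2 B_2 \uparrow \{\alpha \mapsto B_2\}K_2''$.

(h) By the inductive hypothesis, $(\Delta_1'; p_1 B_1; \{\alpha \mapsto B_1\}K_1'')$ is $(\Delta_2'; p_2 B_2; \{\alpha \mapsto B_2\}K_2'')$.

(i) Therefore $(\Delta_1; p_1; \Pi\alpha{:}K_1'.K_1'')$ is $(\Delta_2; p_2; \Pi\alpha{:}K_2'.K_2'')$.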

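• Case: $K = \Sigma\alpha{:}K'.K''$, $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$.

1. The corresponding argument for the $\Pi$ case also applies here.

2. (a) Assume $(\Delta_1; A_1; \Sigma\alpha{:}K_1'.K_1'')$ is $(\Delta_2; A_2; \Sigma\alpha{:}K_2'.K_2'')$.

(b) Then $(\Delta_1; \pi_1 A_1; K_1')$ is $(\Delta_2; \pi_1 A_2; K_2')$

(c) and $(\Delta_1; \pi_2 A_1; \{\alpha \mapsto \pi_1 A_1\}K_1'')$ is $(\Delta_2; \pi_2 A_2; \{\alpha \mapsto \pi_1 A_2\}K_2'')$.

(d) By the inductive hypothesis, $\Delta_1 \vdash \pi_1 A_1 : K_1' \Leftrightarrow \Delta_2 \vdash \pi_1 A_2 : K_2'$

(e) and $\Delta_1 \vdash \pi_2 A_1 : \{\alpha \mapsto \pi_1 A_1\}K_1'' \Leftrightarrow \Delta_2 \vdash \pi_2 A_2 : \{\alpha \mapsto \pi_1 A_2\}K_2''$.

(f) Therefore $\Delta_1 \vdash A_1 : \Sigma\alpha{:}K_1'.K_1'' \Leftrightarrow \Delta_2 \vdash A_2 : \Sigma\alpha{:}K_2'.K_2''$.

3. (a) Assume $(\Delta; K)$ valid,

(b) and $\Delta \vdash p \uparrow K \leftrightarrow \Delta \vdash p \uparrow K$.

(c) By definition of the algorithm, $\Delta \vdash \pi_1 p \uparrow K' \leftrightarrow \Delta \vdash \pi_1 p \uparrow K'$

(d) and $\Delta \vdash \pi_2 p \uparrow \{\alpha \mapsto \pi_1 p\}K'' \leftrightarrow \Delta \vdash \pi_2 p \uparrow \{\alpha \mapsto \pi_1 p\}K''$.

(e) By the induction hypothesis, $(\Delta; \pi_1 p; K')$ valid.

(f) By Lemma 4.4, $(\Delta; \pi_1 p; K')$ is $(\Delta; \pi_1 p; K')$.

(g) By $(\Delta; K)$ valid, $(\Delta; \{\alpha \mapsto \pi_1 p\}K'')$ is $(\Delta; \{\alpha \mapsto \pi_1 p\}K'')$.

(h) Thus $(\Delta; \{\alpha \mapsto \pi_1 p\}K'')$ valid.

(i) By the induction hypothesis again, $(\Delta; \pi_2 p; \{\alpha \mapsto \pi_1 p\}K'')$ valid.

(j) Therefore, $(\Delta; p; \Sigma\alpha{:}K'.K'')$ valid.

4. (a) Assume $(\Delta_1; \Sigma\alpha{:}K_1'.K_1'')$ is $(\Delta_2; \Sigma\alpha{:}K_2'.K_2'')$,

(b) and $\Delta_1 \vdash p_1 \uparrow \Sigma\alpha{:}K_1'.K_1'' \leftrightarrow \Delta_2 \vdash p_2 \uparrow \Sigma\alpha{:}K_2'.K_2''$.

(c) Then $\Delta_1 \vdash \pi_1 p_1 \uparrow K_1' \leftrightarrow \Delta_2 \vdash \pi_1 p_2 \uparrow K_2'$

(d) and $\Delta_1 \vdash \pi_2 p_1 \uparrow \{\alpha \mapsto \pi_1 p_1\}K_1'' \leftrightarrow \Delta_2 \vdash \pi_2 p_2 \uparrow \{\alpha \mapsto \pi_1 p_2\}K_2''$.

(e) The inductive hypothesis applies, yielding $(\Delta_1; \pi_1 p_1; K_1')$ is $(\Delta_2; \pi_1 p_2; K_2')$

(f) and $(\Delta_1; \pi_2 p_1; \{\alpha \mapsto \pi_1 p_1\}K_1'')$ is $(\Delta_2; \pi_2 p_2; \{\alpha \mapsto \pi_1 p_2\}K_2'')$.

(g) Therefore $(\Delta_1; p_1; \Sigma\alpha{:}K_1'.K_1'')$ is $(\Delta_2; p_2; \Sigma\alpha{:}K_2'.K_2'')$.

■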

Finally we come to the Fundamental Theorem of Logical Relations, which relates provable equivalence
of two constructors to the logical relations. The statement of the theorem is strengthened to involve related
substitutions of constructors for variables within constructors and kinds.

Theorem  4.9  (Fundamental  Theorem) 

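1. If $\Gamma \vdash K$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 K)$ is $(\Delta_2; \gamma_2 K)$.

2. If $\Gamma \vdash K_1 \leq K_2$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 K_1 \leq \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 K_1 \leq \gamma_2 K_2)$,
$(\Delta_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 K_1)$, and $(\Delta_1; \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 K_2)$.

3. If $\Gamma \vdash K_1 = K_2$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 K_2)$,
$(\Delta_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 K_1)$, and $(\Delta_1; \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 K_2)$.

4. If $\Gamma \vdash A : K$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 A; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A; \gamma_2 K)$.

5. If $\Gamma \vdash A_1 = A_2 : K$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 A_1; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_1; \gamma_2 K)$,
$(\Delta_1; \gamma_1 A_1; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_2; \gamma_2 K)$, and $(\Delta_1; \gamma_1 A_2; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_2; \gamma_2 K)$.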

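Proof: By simultaneous induction on the hypothesized derivation.

In all cases, $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_1; \gamma_1; \Gamma)$ and $(\Delta_2; \gamma_2; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$.

Kind Well-formedness Rules: $\Gamma \vdash K$.

• Case: Rule 5.

1. $\gamma_1 T = \gamma_2 T = T$.

2. $(\Delta_1; T)$ is $(\Delta_2; T)$.

• Case: Rule 6.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; T)$ is $(\Delta_2; \gamma_2 A; T)$.

2. Therefore $(\Delta_1; S(\gamma_1 A))$ is $(\Delta_2; S(\gamma_2 A))$.

• Case: Rule 7.

1. By Lemma B.1, there is a strict subderivation $\Gamma, \alpha{:}K' \vdash \mathrm{ok}$

2. and by inversion a strict subderivation $\Gamma \vdash K'$.

3. By the inductive hypothesis, $(\Delta_1; \gamma_1 K')$ is $(\Delta_2; \gamma_2 K')$.

4. Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$

5. and assume that $(\Delta_1'; A_1; \gamma_1 K')$ is $(\Delta_2'; A_2; \gamma_2 K')$.

6. Then by monotonicity $(\Delta_1'; \gamma_1[\alpha \mapsto A_1]; \Gamma, \alpha{:}K')$ is $(\Delta_2'; \gamma_2[\alpha \mapsto A_2]; \Gamma, \alpha{:}K')$.

7. By the inductive hypothesis, $(\Delta_1'; (\gamma_1[\alpha \mapsto A_1])K'')$ is $(\Delta_2'; (\gamma_2[\alpha \mapsto A_2])K'')$.

8. That is, $(\Delta_1'; \{\alpha \mapsto A_1\}((\gamma_1[\alpha \mapsto \alpha])K''))$ is $(\Delta_2'; \{\alpha \mapsto A_2\}((\gamma_2[\alpha \mapsto \alpha])K''))$.

9. Therefore, $(\Delta_1; \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\Pi\alpha{:}K'.K''))$.

• Case: Rule 8. Just like previous case.

Subkinding Rules: $\Gamma \vdash K_1 \leq K_2$.

Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$ and assume $(\Delta_1'; B_1; \gamma_1 K_1)$ is $(\Delta_2'; B_2; \gamma_2 K_1)$.

• Case: Rule 9. By assumption, $(\Delta_1'; B_1; T)$ is $(\Delta_2'; B_2; T)$.

• Also, $(\Delta_1; T)$ is $(\Delta_2; T)$

• and, by the same argument as for Rule 6, $(\Delta_1; S(\gamma_1 A))$ is $(\Delta_2; S(\gamma_2 A))$.

• Case: Rule 10. Trivial, since $\gamma_1 T = \gamma_2 T = T$ and $(\Delta_1; T)$ is $(\Delta_2; T)$.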

•  Case:  Rule  11. 
1.  By  the  inductive  hypothesis  we  have  (Ai;  71  ^r,T)  is  (A2;72^i;^)

2.  and  (Ai;7i^2;T)  is  (A2;72A2;T). 

3.  Thus  (Ai;S(7i^i))  is  (A2;  5(72^1)) 

4.  and  (Ai;  5(71  A2))  is  (A2;  *S'(72^2))* 

5.  By  the  inductive  hypothesis  we  have  (Ai;7i^i;T)  is  (A2;  72^2;  T), 

6.  (Ai;7iAi;T)  is  (A;;7i^2;T), 

7.  and  (A2;72-Ai;T)  is  (A2;72^2;T’). 

8.  Thus  (A;; 5(71  Ai))  is  (A^;5(72^2)), 

9.  (A;;5(7i^i))  is  (Ai; 5(71^2)), 

10.  and  (A2;  *5(72^1))  is  (A2;  *5(72.A2)). 

11.  By  Symmetry  and  Transitivity,  (Ai;  5(71^12))  is  (A2;  ^(72^2)), 

12.  so  by  Lemma  4.3,  (Ai;5(7ii4i)  <  5(71  A2))  is  (A2;  *5(72^1)  ^  *S'(72^2)). 

13.  Therefore  (Aj;  ;  5(71^42))  is  (A2;  B2;  5(72^2))• 

•  Case:  Rule  12. 

1.  By  the  inductive  hypothesis,  (Ai;  71  is  (A2;  72(na:/C( 

2.  For  the  same  reasons  as  for  Rule  7,  (Ai; 7i(na:R"i.R"i^))  is  {A2\j2(^oi:K[.Ki)). 

3.  Let  A'/,  Ar  h  Ai 

4.  and  assume  (A";  71/^2)  (A'/';  B";  7iRr2). 

5.  By  monotonicity  and  the  inductive  hypothesis,  (A'/;7iA''2  <  is  (A'i";7iAr2  <  7i^^i)- 

6.  Thus  (A";Bi;7iAr{)  is  (A'";  B";  71  A"i)- 

7.  Now  by  reflexivity  and  monotonicity,  (A";  Bi ;  71 /fi)  is  (A"';  Bi;  71  A"i). 

8.  Thus  (A'/;  BiBJ;  (7i[cv»-)'B(])A'{')  is  (A^";  BiB";  (7i[Q'i-)‘Bi'])A""). 

9.  Now  (Ai';7i[Q'i-^B(];r,  aiA”;^)  is  (Ai";  7i[ai->-B{'];  F,  a:A"2). 

10.  By  the  inductive  hypothesis  again, 

(A'/;  {^i[a^B[])Ki'  <  {7i[a^B[])K^')  is  (A'/';  {7i[a^B['])K['  <  {7i[a^B['])K^% 

11.  so  (Ar;BiB(;(7i[aH^Bn)iF^')  is  (Al"; BiBf;  (7ib^Bn)AT). 

12.  Note  that  (A'l';  (71  [aH>Bj])A"20  is  (Ai^';  (7i[ai->-B"])A"20- 

13.  Therefore,  ( Al ;  Bi ;  71  (IlaiA"^. A"20)  valid. 

14.  An  analogous  argument  shows  that  (A2;  B2;  72(na:A"2.A"20)  valid. 

15.  Let  (A'/,A^0h(A;,A^) 

16.  and  assume  (A";  B( ;  71  AT^J)  is  (A^^  B2;  72^^2)* 

17.  By  the  inductive  hypothesis,  (A'i;7iA"2  <  is  (A2;72A"2  <  72A"{)* 

18.  so(Ar;B(;7iK()  is  (A^'; B^; 72iF0 

19.  and(A'/;BiB(;(7i[a^Bl])/fn  is  (A^';  B2B^;  (72[a«^B^])AT). 

20.  By  monotonicity,  (A";  7i[cvi->B{];  F,  a:A"2)  is  (A^^  72[«H-B2];  F,  atA"^). 

21.  By  the  inductive  hypothesis  again, 

(A";  (7i[ai->B{])A""  <  (7i[aH^B{])A^20  i®  (A" ;  (72[ai-4B2])A’"  <  (72 [«>-)•  B2]) 7^2)5 

22.  so  (A";  BiBj;  (7i[aH'Bj])Ar2')  is  (A^';  B2B2;  {72[Q'H'B2])A'2  )• 

23.  Thus  (Ai;Bi;7i(na:/F^A^0)  is  (A^;  ^2;  72(na:Ar^/aO)- 

•  Rule  13. 

1.  By  the  inductive  hypothesis,  (Ai;  71  (IIa:A'2.A"20)  's  (A2;  72(^0: AT^.A"^'))* 
2.  For  the  same  reasons  as  for  Rule  7,  (Ai;7i(i;Q':i^'i'.A'r))  is

3.  (A'i;7riBi;7iA'i)  valid. 

4.  By  the  inductive  hypothesis,  (Ai;7i/'ri'  KfiKi)  is  (Ai;7i/'!'i'  <'iiK^). 

5.  Thus  by  reflexivity,  (AJ;  ttiBi;  7iR'2)  valid. 

6.  Now  (Ai;7i[a»-4n-iBi];r, ar/iri)  is  (A'i;7i[a'i->7riSi];r,a:jFri) 

7.  so  by  the  inductive  hypothesis, 

(A'i;(7i[ah47riSi])R'"  <  (7i[ai^iriBi])/t'^')  is  (Aj;  (7i[aH>7riSi])i<'"  <  (7i[oh->;riBi])/<'''). 

8.  Since  (Ai;jr2Bi;(7i[ai-^fl-iBi])/!'")valid, 

9.  Using  reflexivity,  (Ai;  n-2Si ;  (7i[ai->7riBi])R'2')  valid. 

10.  Therefore,  (A'j;Bi;  71  valid. 

11.  An  analogous  argument  shows  that  (A2;  S2;  72(Sa:A'2  /'£'2'))  valid. 

12.  (A'i;7riBi;7iA'i')  is  (Aj; ffiB2; 72A'0- 

13.  By  the  inductive  hypothesis,  (Ai;7iA'i'  <  7iA'2)  is  (A2;72A'i'  <'(2^2). 

14.  (Ai;7riSi;7iA'^)  is  (A2;  7riB2;T2A'2). 

15.  Now  (A'i;7i[oH-ffiBi];r,a:A'0  is  (A^;  72[aM-7riS2];r, a:A'0 

16.  so  by  the  inductive  hypothesis, 

(A;;(7i[ah^^iBi])Ar,"<  (7i[aH-jr,Bi])/<'^')  is  (A^;  (72[«h^7riB2])A:(' <  (72[ai^7riB2])A'^')- 

17.  Since  (Aj;7r2Bi;(7i[ai->7riBi])A'")  is  (A2;  7r2B2;  (72[ai-^7riB2])A’i"), 

18.  (A'l;  n-2Bi;  (7i[ai->wiBi])/'ir2')  is  (A2;  )r2B2;  (72[Q't-^7r)B2])A’2')- 

19.  Therefore,  (Al;  Bi;  7i(Ea:A'^.Ar^'))  »s  (Ai;B2;72(Ea:Ar^A'^'))- 
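
Kind Equivalence Rules: $\Gamma \vdash K_1 = K_2$.

It suffices to prove that if $\Gamma \vdash K_1 = K_2$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 K_2)$, because we
can apply this to get $(\Delta_2; \gamma_2 K_1)$ is $(\Delta_2; \gamma_2 K_2)$, so $(\Delta_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 K_1)$ follows by Symmetry and
Transitivity. A similar argument yields $(\Delta_1; \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 K_2)$.

• Rule 14. Trivial.

• Rule 15.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A_1; T)$ is $(\Delta_2; \gamma_2 A_2; T)$.

2. Therefore, $(\Delta_1; S(\gamma_1 A_1))$ is $(\Delta_2; S(\gamma_2 A_2))$.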

•  Rule  16. 

1.  By  the  inductive  hypothesis,  (Ai;7iA:i')  is  (A2;72A'2). 

2.  Let  (AJ,A2)  y  (Ai,  A2) 

3.  and  assume  (A'i;Ai;7iA'i)  is  (Aj;  A2;72A'2). 

4.  By  the  inductive  hypothesis,  (Aj;  7iA'{)  is  (A2;72A2). 

5.  (A;;7i/<'i')  is  (A'i;7iA'^). 

6.  and  (Ai;72Ari')  is  (Ai;72A'^). 

7.  By  Symmetry  and  Transitivity,  (A2;  72A'^)  is  (A'i;7iA'{), 

8.  (A'i;7i/'r,')  is  (Ai;72/'r{) 

9.  and  by  Reflexivity  (A'i;7iAri')  is  (Ai;7lA'^). 

10.  By  Lemma  4.3,  (A'i;7iA'i'  <  7iA';)  is  (A'i;72A'2  <  72A'i'), 

11.  so  (A'l;  Ai;7iA'i')  is  (Aj;  A2;  72A'0- 

12.  By  monotonicity,  then,  (A'i;7i[a'i->Ai];r,a:A'i')  is  (Aj;  72[ai-^A2];r,Q':A'0. 

13.  By  the  inductive  hypothesis  again,  (A'j;  (71  [aH-Ai])A'r)  is  (A2;  (72[aH-A2])A'2'). 
14.  Therefore  (A i;  7i( Hot: /<"{'))  is  (A2;  72(na:/f2-^20)-

•  Rule  17.  Same  proof  as  for  previous  case. 

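Constructor Validity Rules: $\Gamma \vdash A : K$.

• Case: Rule 18.

1. $\gamma_1 b_i = \gamma_2 b_i = b_i$ and $\gamma_1 T = \gamma_2 T = T$.

2. $\Delta_1 \vdash b_i : T \Leftrightarrow \Delta_2 \vdash b_i : T$,

3. $\Delta_1 \vdash b_i : T \Leftrightarrow \Delta_1 \vdash b_i : T$,

4. and $\Delta_2 \vdash b_i : T \Leftrightarrow \Delta_2 \vdash b_i : T$.

5. Thus $(\Delta_1; b_i; T)$ is $(\Delta_2; b_i; T)$.

• Case: Rule 19.

By the assumption on $\gamma_1$ and $\gamma_2$, $(\Delta_1; \gamma_1 x; \gamma_1(\Gamma x))$ is $(\Delta_2; \gamma_2 x; \gamma_2(\Gamma x))$.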

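• Case: Rule 20.

1. By Lemma B.1 there is a strict subderivation $\Gamma \vdash K'$.

2. By the inductive hypothesis, $(\Delta_1; \gamma_1 K')$ is $(\Delta_2; \gamma_2 K')$.

3. Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$ and assume $(\Delta_1'; B_1; \gamma_1 K')$ is $(\Delta_2'; B_2; \gamma_2 K')$.

4. Using monotonicity, $(\Delta_1'; \gamma_1[\alpha \mapsto B_1]; \Gamma, \alpha{:}K')$ is $(\Delta_2'; \gamma_2[\alpha \mapsto B_2]; \Gamma, \alpha{:}K')$.

5. By the inductive hypothesis, $(\Delta_1'; (\gamma_1[\alpha \mapsto B_1])A; (\gamma_1[\alpha \mapsto B_1])K'')$ is $(\Delta_2'; (\gamma_2[\alpha \mapsto B_2])A; (\gamma_2[\alpha \mapsto B_2])K'')$.

6. Now $\Delta_1' \vdash (\gamma_1[\alpha \mapsto B_1])A \simeq (\gamma_1(\lambda\alpha{:}K'.A))B_1$

7. and $\Delta_2' \vdash (\gamma_2[\alpha \mapsto B_2])A \simeq (\gamma_2(\lambda\alpha{:}K'.A))B_2$.

8. By Lemma 4.7, $(\Delta_1'; (\gamma_1(\lambda\alpha{:}K'.A))B_1; (\gamma_1[\alpha \mapsto B_1])K'')$ is $(\Delta_2'; (\gamma_2(\lambda\alpha{:}K'.A))B_2; (\gamma_2[\alpha \mapsto B_2])K'')$.

9. Similar arguments analogous to lines 3-8 (and reflexivity) show that
$(\Delta_1; \gamma_1(\lambda\alpha{:}K'.A); \gamma_1(\Pi\alpha{:}K'.K''))$ valid

10. and $(\Delta_2; \gamma_2(\lambda\alpha{:}K'.A); \gamma_2(\Pi\alpha{:}K'.K''))$ valid.

11. Therefore $(\Delta_1; \gamma_1(\lambda\alpha{:}K'.A); \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\lambda\alpha{:}K'.A); \gamma_2(\Pi\alpha{:}K'.K''))$.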

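• Case: Rule 21.

1. By the inductive hypothesis $(\Delta_1; \gamma_1 A; \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2 A; \gamma_2(\Pi\alpha{:}K'.K''))$

2. and $(\Delta_1; \gamma_1 A'; \gamma_1 K')$ is $(\Delta_2; \gamma_2 A'; \gamma_2 K')$.

3. Therefore, $(\Delta_1; \gamma_1(A A'); \gamma_1(\{\alpha \mapsto A'\}K''))$ is $(\Delta_2; \gamma_2(A A'); \gamma_2(\{\alpha \mapsto A'\}K''))$.

• Case: Rule 22.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2 A; \gamma_2(\Sigma\alpha{:}K'.K''))$.

2. Therefore $(\Delta_1; \pi_1 \gamma_1 A; \gamma_1 K')$ is $(\Delta_2; \pi_1 \gamma_2 A; \gamma_2 K')$.

• Case: Rule 23.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2 A; \gamma_2(\Sigma\alpha{:}K'.K''))$.

2. Therefore $(\Delta_1; \pi_2 \gamma_1 A; \gamma_1(\{\alpha \mapsto \pi_1 A\}K''))$ is $(\Delta_2; \pi_2 \gamma_2 A; \gamma_2(\{\alpha \mapsto \pi_1 A\}K''))$.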

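• Case: Rule 24.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\Sigma\alpha{:}K'.K''))$.

2. By the inductive hypothesis and reflexivity, $(\Delta_1; \gamma_1 A_1; \gamma_1 K')$ valid

3. and $(\Delta_1; \gamma_1 A_2; (\gamma_1[\alpha \mapsto \gamma_1 A_1])K'')$ valid.

4. Now $\Delta_1 \vdash \gamma_1 A_1 \simeq \pi_1\langle\gamma_1 A_1, \gamma_1 A_2\rangle$

5. and $\Delta_1 \vdash \gamma_1 A_2 \simeq \pi_2\langle\gamma_1 A_1, \gamma_1 A_2\rangle$.

6. By Lemma 4.7 we have $(\Delta_1; \pi_1\langle\gamma_1 A_1, \gamma_1 A_2\rangle; \gamma_1 K')$ valid,

7. $(\Delta_1; \pi_2\langle\gamma_1 A_1, \gamma_1 A_2\rangle; (\gamma_1[\alpha \mapsto \gamma_1 A_1])K'')$ valid,

8. and $(\Delta_1; \pi_1\langle\gamma_1 A_1, \gamma_1 A_2\rangle; \gamma_1 K')$ is $(\Delta_1; \gamma_1 A_1; \gamma_1 K')$.

9. Then $(\Delta_1; (\gamma_1[\alpha \mapsto \gamma_1 A_1])K'')$ is $(\Delta_1; (\gamma_1[\alpha \mapsto \pi_1\langle\gamma_1 A_1, \gamma_1 A_2\rangle])K'')$.

10. Using Lemma 4.3, $(\Delta_1; \pi_2\langle\gamma_1 A_1, \gamma_1 A_2\rangle; (\gamma_1[\alpha \mapsto \pi_1\langle\gamma_1 A_1, \gamma_1 A_2\rangle])K'')$ valid.

11. Therefore, $(\Delta_1; \langle\gamma_1 A_1, \gamma_1 A_2\rangle; \gamma_1(\Sigma\alpha{:}K'.K''))$ valid.

12. A very similar argument shows that $(\Delta_2; \langle\gamma_2 A_1, \gamma_2 A_2\rangle; \gamma_2(\Sigma\alpha{:}K'.K''))$ valid

13. and an analogous argument shows that
$(\Delta_1; \langle\gamma_1 A_1, \gamma_1 A_2\rangle; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \langle\gamma_2 A_1, \gamma_2 A_2\rangle; \gamma_2(\Sigma\alpha{:}K'.K''))$.

• Case: Rule 25.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; T)$ is $(\Delta_2; \gamma_2 A; T)$.

2. As in the case for Rule 6, $(\Delta_1; S(\gamma_1 A))$ is $(\Delta_2; S(\gamma_2 A))$.

3. Thus $(\Delta_1; \gamma_1 A; S(\gamma_1 A))$ valid,

4. $(\Delta_2; \gamma_2 A; S(\gamma_2 A))$ valid,

5. and $(\Delta_1; \gamma_1 A; S(\gamma_1 A))$ is $(\Delta_2; \gamma_2 A; S(\gamma_2 A))$.

• Case: Rule 26.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\Sigma\alpha{:}K'.K''))$,

2. $(\Delta_1; \pi_1(\gamma_1 A); \gamma_1 K')$ is $(\Delta_2; \pi_1(\gamma_2 A); \gamma_2 K')$

3. and $(\Delta_1; \pi_2(\gamma_1 A); \gamma_1(\{\alpha \mapsto \pi_1 A\}K''))$ is $(\Delta_2; \pi_2(\gamma_2 A); \gamma_2(\{\alpha \mapsto \pi_1 A\}K''))$.

4. Thus $(\Delta_1; \gamma_1 A; \gamma_1(\Sigma\alpha{:}K'.K''))$ valid,

5. $(\Delta_2; \gamma_2 A; \gamma_2(\Sigma\alpha{:}K'.K''))$ valid,

6. and therefore $(\Delta_1; \gamma_1 A; \gamma_1(\Sigma\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2 A; \gamma_2(\Sigma\alpha{:}K'.K''))$.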

•  Case:  Rule  27 

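1. By Lemma B.1 and the inductive hypothesis, $(\Delta_1; \gamma_1 K')$ is $(\Delta_2; \gamma_2 K')$.

2. Let $\Delta_1', \Delta_1'' \succeq \Delta_1$

3. and assume $(\Delta_1'; B_1'; \gamma_1 K')$ is $(\Delta_1''; B_1''; \gamma_1 K')$.

4. By monotonicity, $(\Delta_1'; \gamma_1[\alpha\mapsto B_1']; \Gamma, \alpha{:}K')$ is $(\Delta_1''; \gamma_1[\alpha\mapsto B_1'']; \Gamma, \alpha{:}K')$.

5. By the inductive hypothesis,

$(\Delta_1'; (\gamma_1[\alpha\mapsto B_1'])(A\alpha); (\gamma_1[\alpha\mapsto B_1'])K'')$ is $(\Delta_1''; (\gamma_1[\alpha\mapsto B_1''])(A\alpha); (\gamma_1[\alpha\mapsto B_1''])K'')$.

6. That is, $(\Delta_1'; (\gamma_1 A)B_1'; (\gamma_1[\alpha\mapsto B_1'])K'')$ is $(\Delta_1''; (\gamma_1 A)B_1''; (\gamma_1[\alpha\mapsto B_1''])K'')$.

7. Therefore, $(\Delta_1; \gamma_1(\Pi\alpha{:}K'.K''))$ valid

8. and $(\Delta_1; \gamma_1 A; \gamma_1(\Pi\alpha{:}K'.K''))$ valid.

9. A similar proof shows that $(\Delta_2; \gamma_2 A; \gamma_2(\Pi\alpha{:}K'.K''))$ valid.

10. Let $(\Delta_1', \Delta_2') \succeq (\Delta_1, \Delta_2)$

11. and assume $(\Delta_1'; B_1; \gamma_1 K')$ is $(\Delta_2'; B_2; \gamma_2 K')$.

12. By monotonicity, $(\Delta_1'; \gamma_1[\alpha\mapsto B_1]; \Gamma, \alpha{:}K')$ is $(\Delta_2'; \gamma_2[\alpha\mapsto B_2]; \Gamma, \alpha{:}K')$.

13. By the inductive hypothesis,

$(\Delta_1'; (\gamma_1[\alpha\mapsto B_1])(A\alpha); (\gamma_1[\alpha\mapsto B_1])K'')$ is $(\Delta_2'; (\gamma_2[\alpha\mapsto B_2])(A\alpha); (\gamma_2[\alpha\mapsto B_2])K'')$.

14. That is, $(\Delta_1'; (\gamma_1 A)B_1; (\gamma_1[\alpha\mapsto B_1])K'')$ is $(\Delta_2'; (\gamma_2 A)B_2; (\gamma_2[\alpha\mapsto B_2])K'')$.

15. Therefore, $(\Delta_1; \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\Pi\alpha{:}K'.K''))$

16. and $(\Delta_1; \gamma_1 A; \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2 A; \gamma_2(\Pi\alpha{:}K'.K''))$.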
• Case: Rule 28

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 A; \gamma_2 K_1)$

2. and $(\Delta_1; \gamma_1 K_1 \le \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 K_1 \le \gamma_2 K_2)$.

3. Therefore, $(\Delta_1; \gamma_1 A; \gamma_1 K_2)$ is $(\Delta_2; \gamma_2 A; \gamma_2 K_2)$

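Constructor Equivalence Rules: $\Gamma \vdash A_1 = A_2 : K$.

It suffices to prove that if $\Gamma \vdash A_1 = A_2 : K$ and $(\Delta_1; \gamma_1; \Gamma)$ is $(\Delta_2; \gamma_2; \Gamma)$ then $(\Delta_1; \gamma_1 A_1; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_2; \gamma_2 K)$,
because it follows that $(\Delta_2; \gamma_2 A_1; \gamma_2 K)$ is $(\Delta_2; \gamma_2 A_2; \gamma_2 K)$, so $(\Delta_1; \gamma_1 A_1; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_1; \gamma_2 K)$ by Symmetry
and Transitivity. A similar argument yields $(\Delta_1; \gamma_1 A_2; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A_2; \gamma_2 K)$.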

•  Case:  Rule  29. 

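1. By the arguments for Rule 40,

$(\Delta_1; \gamma_1(\lambda\alpha{:}K'.A_1); \gamma_1(\Pi\alpha{:}K'.K''))$ is $(\Delta_2; \gamma_2(\lambda\alpha{:}K'.A_2); \gamma_2(\Pi\alpha{:}K'.K''))$.

2. By the inductive hypothesis, $(\Delta_1; \gamma_1 A_1'; \gamma_1 K')$ is $(\Delta_2; \gamma_2 A_2'; \gamma_2 K')$.

3. Therefore, $(\Delta_1; \gamma_1((\lambda\alpha{:}K'.A_1)A_1'); \gamma_1(\{\alpha\mapsto A_1'\}K''))$ is $(\Delta_2; \gamma_2((\lambda\alpha{:}K'.A_2)A_2'); \gamma_2(\{\alpha\mapsto A_2'\}K''))$.

4. Similarly $(\Delta_1; \gamma_1((\lambda\alpha{:}K'.A_1)A_1'); \gamma_1(\{\alpha\mapsto A_1'\}K''))$ is $(\Delta_2; \gamma_2((\lambda\alpha{:}K'.A_1)A_1'); \gamma_2(\{\alpha\mapsto A_1'\}K''))$.

5. But $\Delta_2 \vdash \gamma_2((\lambda\alpha{:}K'.A_2)A_2') \leadsto \gamma_2(\{\alpha\mapsto A_2'\}A_2)$.

6. Thus by Lemma 4.7,

$(\Delta_1; \gamma_1((\lambda\alpha{:}K'.A_1)A_1'); \gamma_1(\{\alpha\mapsto A_1'\}K''))$ is $(\Delta_2; \gamma_2(\{\alpha\mapsto A_2'\}A_2); \gamma_2(\{\alpha\mapsto A_2'\}K''))$.

7. Then since $(\Delta_2; \gamma_2 A_1'; \gamma_2 K')$ is $(\Delta_2; \gamma_2 A_2'; \gamma_2 K')$

8. we have $(\Delta_2; \gamma_2(\{\alpha\mapsto A_1'\}K''))$ is $(\Delta_2; \gamma_2(\{\alpha\mapsto A_2'\}K''))$.

9. By Lemma 4.3, $(\Delta_1; \gamma_1((\lambda\alpha{:}K'.A_1)A_1'); \gamma_1(\{\alpha\mapsto A_1'\}K''))$ is $(\Delta_2; \gamma_2(\{\alpha\mapsto A_2'\}A_2); \gamma_2(\{\alpha\mapsto A_1'\}K''))$.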

•  Case:  Rule  30. 

Exact  analog  to  the  proof  of  Rule  27. 

•  Case:  Rule  31. 

This proof is analogous to the proof for Rule 26 except that due to the asymmetry of the rule's last premise
we must note that $(\Delta_2; \gamma_2(\{\alpha\mapsto\pi_1 A_1\}K''))$ is $(\Delta_2; \gamma_2(\{\alpha\mapsto\pi_1 A_2\}K''))$ and use Lemma 4.3.

•  Case:  Rule  32. 

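1. By an argument as in the proof of Rule 24,

$(\Delta_1; \gamma_1\langle A_1, A_2\rangle; \gamma_1(K_1 \times K_2))$ is $(\Delta_2; \gamma_2\langle A_1, A_2\rangle; \gamma_2(K_1 \times K_2))$.

2. Thus $(\Delta_1; \gamma_1(\pi_1\langle A_1, A_2\rangle); \gamma_1 K_1)$ is $(\Delta_2; \gamma_2(\pi_1\langle A_1, A_2\rangle); \gamma_2 K_1)$.

3. By the inductive hypothesis, $(\Delta_1; \gamma_1 A_1; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 A_1; \gamma_2 K_1)$.

4. Now $(\Delta_1; \gamma_1\langle A_1, A_2\rangle; \gamma_1(K_1 \times K_2))$ is $(\Delta_2; \gamma_2\langle A_1, A_2\rangle; \gamma_2(K_1 \times K_2))$.

5. and $\Delta_2 \vdash \gamma_2\pi_1\langle A_1, A_2\rangle \leadsto \gamma_2 A_1$.

6. By Lemma 4.7, $(\Delta_1; \gamma_1\pi_1\langle A_1, A_2\rangle; \gamma_1 K_1)$ is $(\Delta_2; \gamma_2 A_1; \gamma_2 K_1)$.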

•  Case:  Rule  33. 

Same  argument  as  previous  case. 

•  Case:  Rule  34. 

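1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; S(\gamma_1 B))$ is $(\Delta_2; \gamma_2 A; S(\gamma_2 B))$.

2. Thus $\Delta_1 \vdash \gamma_1 A : T \Leftrightarrow \Delta_2 \vdash \gamma_2 A : T$,

3. $\Delta_1 \vdash \gamma_1 B : T \Leftrightarrow \Delta_2 \vdash \gamma_2 B : T$,

4. and $\Delta_2 \vdash \gamma_2 A : T \Leftrightarrow \Delta_2 \vdash \gamma_2 B : T$.

5. By transitivity, $\Delta_1 \vdash \gamma_1 A : T \Leftrightarrow \Delta_2 \vdash \gamma_2 B : T$.

6. Therefore $(\Delta_1; \gamma_1 A; T)$ is $(\Delta_2; \gamma_2 A; T)$,

7. $(\Delta_1; \gamma_1 B; T)$ is $(\Delta_2; \gamma_2 B; T)$,

8. and $(\Delta_1; \gamma_1 A; T)$ is $(\Delta_2; \gamma_2 B; T)$.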

•  Case:  Rule  35. 

By  the  inductive  hypothesis  and  the  definitions  of  the  relations. 

•  Case:  Rule  36. 

By  the  inductive  hypothesis  and  Lemma  4.5. 

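• Case: Rule 37.

1. By the inductive hypothesis, $(\Delta_1; \gamma_1 A; \gamma_1 K)$ is $(\Delta_1; \gamma_1 A'; \gamma_1 K)$

2. and $(\Delta_1; \gamma_1 A'; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A''; \gamma_2 K)$.

3. By Lemma 4.6, $(\Delta_1; \gamma_1 A; \gamma_1 K)$ is $(\Delta_2; \gamma_2 A''; \gamma_2 K)$.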

•  Case:  Rule  38. 

By the definition of the algorithm and the logical relations.

•  Case:  Rule  39. 

By  the  assumption  regarding  71  and  72. 

•  Case:  Rule  40. 

Analogous  to  the  proof  for  rule  20. 

•  Case:  Rule  41. 

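1. Using the inductive hypothesis, $(\Delta_1; \gamma_1(A A_1); \gamma_1(\{\alpha\mapsto A_1\}K_2))$ is $(\Delta_2; \gamma_2(A' A_1'); \gamma_2(\{\alpha\mapsto A_1'\}K_2))$.

2. Therefore by Lemma 4.3, $(\Delta_1; \gamma_1(A A_1); \gamma_1(\{\alpha\mapsto A_1\}K_2))$ is $(\Delta_2; \gamma_2(A' A_1'); \gamma_2(\{\alpha\mapsto A_1\}K_2))$.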

•  Case:  Rule  42. 

Analogous  to  the  proof  for  Rule  22. 

•  Case:  Rule  43. 

Analogous to proofs for Rule 23 and Rule 41, except that the asymmetry of the conclusion requires a use of
Lemma 4.3.

•  Case:  Rule  44. 

Analogous to proof for Rule 24 except that the asymmetry of the rule's last premise requires a use of
Lemma 4.3.

•  Case:  Rule  45. 

By  the  inductive  hypothesis  and  the  definition  of  the  logical  relations. 

■ 

A  straightforward  proof  by  induction  on  well-formed  contexts  shows  that  the  identity  substitution  is 
related  to  itself: 

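Lemma 4.10

If $\Gamma \vdash \text{ok}$ then for all $\beta \in \text{dom}(\Gamma)$ we have $(\Gamma; \beta; \Gamma\beta)$ is $(\Gamma; \beta; \Gamma\beta)$. That is, $(\Gamma; \text{id}; \Gamma)$ is $(\Gamma; \text{id}; \Gamma)$ where id
is the identity function.

Proof: By induction on the proof of $\Gamma \vdash \text{ok}$.

• Case: Empty context. Vacuous.

• Case: $\Gamma, \alpha{:}K$.

1. By Lemma B.1, $\Gamma \vdash K$, and $\Gamma \vdash \text{ok}$.

2. Also, $\alpha \notin \text{dom}(\Gamma)$.

3. By the inductive hypothesis, $(\Gamma; \beta; \Gamma\beta)$ is $(\Gamma; \beta; \Gamma\beta)$ for all $\beta \in \text{dom}(\Gamma)$.

4. By monotonicity, $(\Gamma, \alpha{:}K; \beta; (\Gamma, \alpha{:}K)\beta)$ is $(\Gamma, \alpha{:}K; \beta; (\Gamma, \alpha{:}K)\beta)$ for all $\beta \in \text{dom}(\Gamma)$.

5. By Theorem 4.9, $(\Gamma; K)$ is $(\Gamma; K)$

6. and by monotonicity $(\Gamma, \alpha{:}K; K)$ is $(\Gamma, \alpha{:}K; K)$.

7. Now $\Gamma, \alpha{:}K \vdash \alpha \uparrow K \leftrightarrow \Gamma, \alpha{:}K \vdash \alpha \uparrow K$

8. so by Lemma 4.8, $(\Gamma, \alpha{:}K; \alpha; K)$ is $(\Gamma, \alpha{:}K; \alpha; K)$.

■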

This  yields  our  completeness  result  for  the  algorithm: 

Corollary 4.11 (Completeness)

1. If $\Gamma \vdash K_1 = K_2$ then $(\Gamma; K_1)$ is $(\Gamma; K_2)$.

2. If $\Gamma \vdash A_1 = A_2 : K$ then $(\Gamma; A_1; K)$ is $(\Gamma; A_2; K)$.

3. If $\Gamma \vdash K_1 = K_2$ then $\Gamma \vdash K_1 \Leftrightarrow \Gamma \vdash K_2$.

4. If $\Gamma \vdash A_1 = A_2 : K$ then $\Gamma \vdash A_1 : K \Leftrightarrow \Gamma \vdash A_2 : K$.

Proof:

1,2 By Lemma 4.10, we can apply the Fundamental Theorem with $\gamma_1$ and $\gamma_2$ being identity substitutions.

3,4 Follows directly from parts 1 and 2 and the Main Lemma.

■

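Lemma 4.12

1. If $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_1 \vdash A_1 \uparrow K_1$ and $\Gamma_2 \vdash A_2 \uparrow K_2 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ then

$\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ is decidable.

2. If $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_1 \vdash A_1 : K_1$ and $\Gamma_2 \vdash A_2 : K_2 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$ then $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$
is decidable.

3. If $\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_1 \vdash K_1$ and $\Gamma_2 \vdash K_2 \Leftrightarrow \Gamma_2 \vdash K_2$ then $\Gamma_1 \vdash K_1 \Leftrightarrow \Gamma_2 \vdash K_2$ is decidable.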

Proof  Sketch:  By  induction  on  the  proof  of  the  first  assumption. 

Roughly  speaking,  the  algorithm  does  independent  expansion  of  the  two  terms  and  compares  the  results. 
If  we  know  that  the  expansion  process  terminates  for  the  two  terms  individually,  then  the  simultaneous 
expand-and-compare of both terms will also terminate (possibly earlier if the terms are inequivalent).

Corollary 4.13 (Decidability)

1. If $\Gamma \vdash A_1 : K$ and $\Gamma \vdash A_2 : K$ then $\Gamma \vdash A_1 : K \Leftrightarrow \Gamma \vdash A_2 : K$ is decidable.

2. If $\Gamma \vdash K_1$ and $\Gamma \vdash K_2$ then $\Gamma \vdash K_1 \Leftrightarrow \Gamma \vdash K_2$ is decidable.

Proof: By Corollary 4.11, comparison of each well-formed type or term with itself is decidable; by Lemma 4.12,
therefore, the comparison of the two types or two terms is decidable. ■

We  conclude  this  section  with  an  application  of  completeness. 

Proposition  4.14  (Consistency) 

Let $b_1$ and $b_2$ be two distinct constants of kind $T$. Then the judgment “$\vdash b_1 = b_2 : T$” is not provable.

This inequivalence (and the inequivalence of $\lambda\alpha{:}T.\alpha$ and $\lambda\alpha{:}T.b_1$ at kind $T \to T$ mentioned in Section 2.2)
is obvious for algorithmic equivalence, which by completeness transfers to inequivalence in the declarative
system.

In proving soundness of the TILT compiler's intermediate language, these sorts of consistency properties
are essential. The argument that, for example, the only closed values of type int are the integers would fail
if the type int were provably equivalent to another base type.
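Kind Extraction

$\Gamma \vdash b_i \uparrow T$

$\Gamma \vdash \alpha \uparrow \Gamma(\alpha)$

$\Gamma \vdash \pi_1 p \uparrow K_1$ if $\Gamma \vdash p \uparrow \Sigma\beta{:}K_1.K_2$

$\Gamma \vdash \pi_2 p \uparrow \{\beta\mapsto\pi_1 p\}K_2$ if $\Gamma \vdash p \uparrow \Sigma\beta{:}K_1.K_2$

$\Gamma \vdash p\,A \uparrow \{\beta\mapsto A\}K_2$ if $\Gamma \vdash p \uparrow \Pi\beta{:}K_1.K_2$

Weak head reduction

$\Gamma \vdash E[(\lambda\alpha{:}K.A)A'] \leadsto E[\{\alpha\mapsto A'\}A]$

$\Gamma \vdash E[\pi_1\langle A_1, A_2\rangle] \leadsto E[A_1]$

$\Gamma \vdash E[\pi_2\langle A_1, A_2\rangle] \leadsto E[A_2]$

$\Gamma \vdash p \leadsto B$ if $\Gamma \vdash p \uparrow S(B)$

Weak head normalization

$\Gamma \vdash A \Downarrow B$ if $\Gamma \vdash A \leadsto A'$ and $\Gamma \vdash A' \Downarrow B$

$\Gamma \vdash B \Downarrow B$ otherwise

Algorithmic constructor equivalence

$\Gamma \vdash A_1 \Leftrightarrow A_2 : T$ if $\Gamma \vdash A_1 \Downarrow p_1$, $\Gamma \vdash A_2 \Downarrow p_2$, and $\Gamma \vdash p_1 \leftrightarrow p_2 \uparrow T$

$\Gamma \vdash A_1 \Leftrightarrow A_2 : S(B)$ always

$\Gamma \vdash A_1 \Leftrightarrow A_2 : \Pi\alpha{:}K'.K''$ if $\Gamma, \alpha{:}K' \vdash A_1\alpha \Leftrightarrow A_2\alpha : K''$

$\Gamma \vdash A_1 \Leftrightarrow A_2 : \Sigma\alpha{:}K'.K''$ if $\Gamma \vdash \pi_1 A_1 \Leftrightarrow \pi_1 A_2 : K'$ and $\Gamma \vdash \pi_2 A_1 \Leftrightarrow \pi_2 A_2 : \{\alpha\mapsto\pi_1 A_1\}K''$

Algorithmic path equivalence

$\Gamma \vdash b_i \leftrightarrow b_j \uparrow T$ if $i = j$

$\Gamma \vdash \alpha \leftrightarrow \alpha \uparrow \Gamma(\alpha)$

$\Gamma \vdash p_1 A_1 \leftrightarrow p_2 A_2 \uparrow \{\alpha\mapsto A_1\}K_2$ if $\Gamma \vdash p_1 \leftrightarrow p_2 \uparrow \Pi\alpha{:}K_1.K_2$ and also $\Gamma \vdash A_1 \Leftrightarrow A_2 : K_1$

$\Gamma \vdash \pi_1 p_1 \leftrightarrow \pi_1 p_2 \uparrow K_1$ if $\Gamma \vdash p_1 \leftrightarrow p_2 \uparrow \Sigma\alpha{:}K_1.K_2$

$\Gamma \vdash \pi_2 p_1 \leftrightarrow \pi_2 p_2 \uparrow \{\alpha\mapsto\pi_1 p_1\}K_2$ if $\Gamma \vdash p_1 \leftrightarrow p_2 \uparrow \Sigma\alpha{:}K_1.K_2$

Algorithmic kind equivalence

$\Gamma \vdash T \Leftrightarrow T$ always

$\Gamma \vdash S(A_1) \Leftrightarrow S(A_2)$ if $\Gamma \vdash A_1 \Leftrightarrow A_2 : T$

$\Gamma \vdash \Pi\alpha{:}K_1.L_1 \Leftrightarrow \Pi\alpha{:}K_2.L_2$ if $\Gamma \vdash K_1 \Leftrightarrow K_2$ and $\Gamma, \alpha{:}K_1 \vdash L_1 \Leftrightarrow L_2$

$\Gamma \vdash \Sigma\alpha{:}K_1.L_1 \Leftrightarrow \Sigma\alpha{:}K_2.L_2$ if $\Gamma \vdash K_1 \Leftrightarrow K_2$ and $\Gamma, \alpha{:}K_1 \vdash L_1 \Leftrightarrow L_2$

Figure 8: A Simplified Algorithm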


5  A  Simpler  Algorithm 

We  have  shown  that  constructor  equivalence  is  decidable  by  presenting  a  sound,  complete  and  terminating 
algorithm.  However,  as  an  implementation  it  inefficiently  maintains  two  typing  contexts  and  two  classifying 
kinds.  We  would  prefer  an  algorithm  more  like  the  declarative  rules  for  equivalence,  having  only  a  single 
typing  context  and  a  single  classifier.  The  revised  algorithmic  relations  are  shown  in  Figure  8. 

The  definition  of  this  simplified  algorithm  is  asymmetric  because  of  essentially  arbitrary  choices  between 
two  provably  equivalent  kinds  for  the  classifier  or  the  typing  context.  Because  we  cannot  prove  directly  that 
this  simplified  algorithm  satisfies  any  symmetry  or  transitivity  properties,  we  cannot  simply  use  the  same 
proof  strategy.  However,  we  can  show  the  simplification  is  complete  with  respect  to  the  previous  algorithm, 
from  which  the  remaining  correctness  properties  follow  easily. 

One other small simplification is that in weak head reduction we need not worry about a path having
a proper prefix with a definition; for well-formed constructors this can never occur. (See the proof of
Corollary 3.2.)
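The four-place relations of Figure 8 (kind extraction, weak head normalization, constructor equivalence and path equivalence; kind equivalence is left out) can be exercised with the following Python sketch, which is an added example and not code from TILT or from this report. The tuple encoding and every function name are assumptions of the example; inputs are assumed well-formed, with bound names distinct from context variable names and never starting with `%`, so naive substitution suffices.

```python
import itertools

T = ('T',)                    # kind of ordinary types; other kinds are ('S', A),
_fresh = itertools.count()    # ('Pi', a, K1, K2) and ('Sigma', a, K1, K2)

def subst(A, x, R):
    """{x -> R}A on constructors: const, var, lam, app, pair, pi1, pi2."""
    if A[0] in ('const', 'var'):
        return R if A == ('var', x) else A
    if A[0] == 'lam':
        _, a, K, body = A
        return ('lam', a, ksubst(K, x, R), body if a == x else subst(body, x, R))
    return (A[0],) + tuple(subst(c, x, R) for c in A[1:])

def ksubst(K, x, R):
    """{x -> R}K on kinds."""
    if K[0] in ('T', 'S'):
        return K if K[0] == 'T' else ('S', subst(K[1], x, R))
    tag, a, K1, K2 = K
    return (tag, a, ksubst(K1, x, R), K2 if a == x else ksubst(K2, x, R))

def extract(ctx, p):
    """Kind extraction for a path p; None when p is not a well-formed path."""
    if p[0] in ('const', 'var'):
        return T if p[0] == 'const' else ctx.get(p[1])
    if p[0] not in ('app', 'pi1', 'pi2'):
        return None
    k = extract(ctx, p[1])
    if k is None:
        return None
    if p[0] == 'app':
        return ksubst(k[3], k[1], p[2]) if k[0] == 'Pi' else None
    if k[0] != 'Sigma':
        return None
    return k[2] if p[0] == 'pi1' else ksubst(k[3], k[1], ('pi1', p[1]))

def beta_step(A):
    """One beta or projection step inside an elimination context, else None."""
    if A[0] == 'app':
        if A[1][0] == 'lam':
            return subst(A[1][3], A[1][1], A[2])
        f = beta_step(A[1])
        return ('app', f, A[2]) if f else None
    if A[0] in ('pi1', 'pi2'):
        if A[1][0] == 'pair':
            return A[1][1] if A[0] == 'pi1' else A[1][2]
        b = beta_step(A[1])
        return (A[0], b) if b else None
    return None

def whnf(ctx, A):
    """Weak head normalization: reduce until no reduction rule applies."""
    while True:
        nxt = beta_step(A)
        if nxt is None:
            k = extract(ctx, A)          # a whole path of kind S(B) unfolds to B
            if k is None or k[0] != 'S':
                return A
            nxt = k[1]
        A = nxt

def equiv(ctx, A1, A2, K):
    """Algorithmic constructor equivalence of A1 and A2 at kind K under ctx."""
    if K[0] == 'T':
        return path_equiv(ctx, whnf(ctx, A1), whnf(ctx, A2)) is not None
    if K[0] == 'S':
        return True                      # the "always" rule for singleton kinds
    tag, a, K1, K2 = K
    if tag == 'Pi':
        v = '%' + str(next(_fresh))      # fresh variable, never a user name
        x = ('var', v)
        return equiv({**ctx, v: K1}, ('app', A1, x), ('app', A2, x), ksubst(K2, a, x))
    return (equiv(ctx, ('pi1', A1), ('pi1', A2), K1) and
            equiv(ctx, ('pi2', A1), ('pi2', A2), ksubst(K2, a, ('pi1', A1))))

def path_equiv(ctx, p1, p2):
    """Algorithmic path equivalence; returns the extracted kind, or None."""
    if p1[0] != p2[0] or p1[0] not in ('const', 'var', 'app', 'pi1', 'pi2'):
        return None
    if p1[0] in ('const', 'var'):
        return extract(ctx, p1) if p1[1] == p2[1] else None
    k = path_equiv(ctx, p1[1], p2[1])
    if k is None:
        return None
    if p1[0] == 'app':
        ok = k[0] == 'Pi' and equiv(ctx, p1[2], p2[2], k[2])
        return ksubst(k[3], k[1], p1[2]) if ok else None
    if k[0] != 'Sigma':
        return None
    return k[2] if p1[0] == 'pi1' else ksubst(k[3], k[1], ('pi1', p1[1]))

# Constructed sample terms: two constants and two functions on types.
B1, B2 = ('const', 'b1'), ('const', 'b2')
IDENT = ('lam', 'a', T, ('var', 'a'))    # \a:T. a
CONST1 = ('lam', 'c', T, B1)             # \c:T. b1
```

With these definitions `equiv({}, IDENT, CONST1, K)` is false when `K` encodes $\Pi\alpha{:}T.T$ and true when it encodes $\Pi\alpha{:}S(b_1).T$, which shows the comparison depending on the classifying kind.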

We first define a “size” metric on derivations in the six-place algorithmic system. This metric measures
the size of the derivation ignoring head reduction or head normalization steps; equivalently, we can define
the metric as the number of term or path equivalence rules used in the derivation. Since every judgment
has at most one derivation in the six-place system, we can refer unambiguously to the size of a provable
algorithmic judgment.

The  important  properties  of  this  metric  are  summarized  in  the  following  two  lemmas. 


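Lemma 5.1

1. If $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$ and $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_3 \vdash A_3 : K_3$ then the two derivations have equal
sizes.

2. If $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ and $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_3 \vdash A_3 \uparrow K_3$ then the two derivations have
equal sizes.

Proof: [By induction on the hypothesized derivations]

• Assume $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_2 \vdash A_2 : T$ and $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_3 \vdash A_3 : T$. Then $\Gamma_1 \vdash A_1 \Downarrow p_1$, $\Gamma_2 \vdash A_2 \Downarrow p_2$,
$\Gamma_3 \vdash A_3 \Downarrow p_3$, $\Gamma_1 \vdash p_1 \uparrow T \leftrightarrow \Gamma_2 \vdash p_2 \uparrow T$, and $\Gamma_1 \vdash p_1 \uparrow T \leftrightarrow \Gamma_3 \vdash p_3 \uparrow T$. By the inductive hypothesis, these
last two algorithmic judgments have equal sizes, so the original equivalences have equal sizes (greater by one).

• Assume $\Gamma_1 \vdash A_1 : S(B_1) \Leftrightarrow \Gamma_2 \vdash A_2 : S(B_2)$ and $\Gamma_1 \vdash A_1 : S(B_1) \Leftrightarrow \Gamma_3 \vdash A_3 : S(B_3)$. Then the derivations
both have a size of one.

• Assume $\Gamma_1 \vdash A_1 : \Pi\alpha{:}K_1'.K_1'' \Leftrightarrow \Gamma_2 \vdash A_2 : \Pi\alpha{:}K_2'.K_2''$ and $\Gamma_1 \vdash A_1 : \Pi\alpha{:}K_1'.K_1'' \Leftrightarrow \Gamma_3 \vdash A_3 : \Pi\alpha{:}K_3'.K_3''$. Then
$\Gamma_1, \alpha{:}K_1' \vdash A_1\alpha : K_1'' \Leftrightarrow \Gamma_2, \alpha{:}K_2' \vdash A_2\alpha : K_2''$ and $\Gamma_1, \alpha{:}K_1' \vdash A_1\alpha : K_1'' \Leftrightarrow \Gamma_3, \alpha{:}K_3' \vdash A_3\alpha : K_3''$. By the
inductive hypothesis these derivations have equal sizes and hence the original equivalence judgments have
equal sizes (greater by one).

• Assume $\Gamma_1 \vdash A_1 : \Sigma\alpha{:}K_1'.K_1'' \Leftrightarrow \Gamma_2 \vdash A_2 : \Sigma\alpha{:}K_2'.K_2''$ and $\Gamma_1 \vdash A_1 : \Sigma\alpha{:}K_1'.K_1'' \Leftrightarrow \Gamma_3 \vdash A_3 : \Sigma\alpha{:}K_3'.K_3''$. Then
$\Gamma_1 \vdash \pi_1 A_1 : K_1' \Leftrightarrow \Gamma_2 \vdash \pi_1 A_2 : K_2'$, $\Gamma_1 \vdash \pi_1 A_1 : K_1' \Leftrightarrow \Gamma_3 \vdash \pi_1 A_3 : K_3'$,
$\Gamma_1 \vdash \pi_2 A_1 : \{\alpha\mapsto\pi_1 A_1\}K_1'' \Leftrightarrow \Gamma_2 \vdash \pi_2 A_2 : \{\alpha\mapsto\pi_1 A_2\}K_2''$, and
$\Gamma_1 \vdash \pi_2 A_1 : \{\alpha\mapsto\pi_1 A_1\}K_1'' \Leftrightarrow \Gamma_3 \vdash \pi_2 A_3 : \{\alpha\mapsto\pi_1 A_3\}K_3''$. By the inductive hypothesis twice, both pairs of
judgments contain two derivations with equal sizes.

• Assume $\Gamma_1 \vdash b_i \uparrow T \leftrightarrow \Gamma_2 \vdash b_i \uparrow T$ and $\Gamma_1 \vdash b_i \uparrow T \leftrightarrow \Gamma_3 \vdash b_i \uparrow T$. Both derivations have size one.

• Assume $\Gamma_1 \vdash \alpha \uparrow \Gamma_1(\alpha) \leftrightarrow \Gamma_2 \vdash \alpha \uparrow \Gamma_2(\alpha)$ and $\Gamma_1 \vdash \alpha \uparrow \Gamma_1(\alpha) \leftrightarrow \Gamma_3 \vdash \alpha \uparrow \Gamma_3(\alpha)$. Both derivations have size
one.

• The remaining three cases follow directly by the inductive hypothesis.

■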


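Lemma 5.2

1. If $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$ then the derivation $\Gamma_2 \vdash A_2 : K_2 \Leftrightarrow \Gamma_1 \vdash A_1 : K_1$ has the same size.

2. If $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ then the derivation $\Gamma_2 \vdash A_2 \uparrow K_2 \leftrightarrow \Gamma_1 \vdash A_1 \uparrow K_1$ has the same size.

Proof Sketch: The two derivations are essentially mirror-images of each other, and hence use the same
number of rules of each kind.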

Using  the  metric,  we  can  show  the  completeness  of  the  four-place  algorithm  with  respect  to  the  six-place 
algorithm. 

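Lemma 5.3

1. If $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash K_1 = K_2$, $\Gamma_1 \vdash A_1 : K_1$, $\Gamma_2 \vdash A_2 : K_2$, and $\Gamma_1 \vdash A_1 : K_1 \Leftrightarrow \Gamma_2 \vdash A_2 : K_2$ then
$\Gamma_1 \vdash A_1 \Leftrightarrow A_2 : K_1$.

2. If $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash K_1 = K_2$, $\Gamma_1 \vdash A_1 : K_1$, $\Gamma_2 \vdash A_2 : K_2$, and $\Gamma_1 \vdash A_1 \uparrow K_1 \leftrightarrow \Gamma_2 \vdash A_2 \uparrow K_2$ then
$\Gamma_1 \vdash A_1 \leftrightarrow A_2 \uparrow K_1$.

Proof: [By induction on the size of the hypothesized algorithmic derivation.]

Assume $\vdash \Gamma_1 = \Gamma_2$, $\Gamma_1 \vdash K_1 = K_2$, $\Gamma_1 \vdash A_1 : K_1$, and $\Gamma_2 \vdash A_2 : K_2$.

• Case: $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_2 \vdash A_2 : T$ because $\Gamma_1 \vdash A_1 \Downarrow p_1$, $\Gamma_2 \vdash A_2 \Downarrow p_2$, and $\Gamma_1 \vdash p_1 \uparrow T \leftrightarrow \Gamma_2 \vdash p_2 \uparrow T$.

Now by the soundness and completeness of the six-place algorithm we have $\Gamma_1 \vdash A_1 : T \Leftrightarrow \Gamma_1 \vdash A_2 : T$, where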

Ti  h  ^2  II  pi  and  Pi  1-  pi  t  T  Pi  h  t  T. 

By  Lemma  5.1,  the  sizes  of  the  two  proofs  of  algorithmic  path  equivalence  have  equal  sizes.  Since  this  size  is 
less  than  the  size  of  the  original  algorithmic  judgment  (by  one),  we  may  apply  the  inductive  hypothesis  to  get 
Pi  b  Pi  -H-  pi  t  Therefore,  Pi  h  yli  4^  ^2  :  T. 

•  The  remaining  cases  are  all  either  trivial  or  follow  directly  from  the  inductive  hypothesis. 
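Corollary 5.4 (Completeness)

If $\Gamma \vdash A_1 = A_2 : K$ then $\Gamma \vdash A_1 \Leftrightarrow A_2 : K$.

Proof: Assume $\Gamma \vdash A_1 = A_2 : K$. By the completeness of the six-place algorithm, $\Gamma \vdash A_1 : K \Leftrightarrow \Gamma \vdash A_2 : K$. Then
$\Gamma \vdash A_1 \Leftrightarrow A_2 : K$ by Lemma 5.3. ■

Theorem 5.5 (Soundness)

1. If $\Gamma \vdash A_1 : K$, $\Gamma \vdash A_2 : K$, and $\Gamma \vdash A_1 \Leftrightarrow A_2 : K$ then $\Gamma \vdash A_1 = A_2 : K$.

2. If $\Gamma \vdash p_1 : K_1$, $\Gamma \vdash p_2 : K_2$, and $\Gamma \vdash p_1 \leftrightarrow p_2 \uparrow K$ then $\Gamma \vdash p_1 = p_2 : K$.

Proof Sketch: By induction on the hypothesized derivations, exactly analogous with the soundness proof
for the six-place algorithm.

Lemma 5.6

1. If $\Gamma \vdash A_1 \leftrightarrow A_1 \uparrow K$ and $\Gamma \vdash A_2 \leftrightarrow A_2 \uparrow K$ then $\Gamma \vdash A_1 \leftrightarrow A_2 \uparrow K$ is decidable.

2. If $\Gamma \vdash A_1 \Leftrightarrow A_1 : K$ and $\Gamma \vdash A_2 \Leftrightarrow A_2 : K$ then $\Gamma \vdash A_1 \Leftrightarrow A_2 : K$ is decidable.

3. If $\Gamma \vdash K_1 \Leftrightarrow K_1$ and $\Gamma \vdash K_2 \Leftrightarrow K_2$ then $\Gamma \vdash K_1 \Leftrightarrow K_2$ is decidable.

Proof: Essentially the same proof as in the original algorithm. ■

Theorem 5.7 (Decidability)

1. If $\Gamma \vdash A_1 : K$ and $\Gamma \vdash A_2 : K$ then $\Gamma \vdash A_1 \Leftrightarrow A_2 : K$ is decidable.

2. If $\Gamma \vdash K_1$ and $\Gamma \vdash K_2$ then $\Gamma \vdash K_1 \Leftrightarrow K_2$ is decidable.

Proof: Follows from reflexivity of constructor and kind equivalence, Completeness, and Lemma 5.6. ■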

6  Related  Work 

Our proof was inspired by that of Coquand [3], but because the equivalence considered there was not
context-sensitive in any way our algorithm and proof are substantially different. Because of the validity logical
relations  and  the  form  of  the  symmetry  and  transitivity  properties  for  logical  equivalence,  our  initial  attempts 
to  use  more  traditional  Kripke  logical  relations  (with  worlds  being  pairs  of  contexts)  were  unsuccessful. 

Other  researchers  have  considered  lambda  calculi  with  more  interesting  equivalences.  Lillibridge  [10] 
considered  a  language  in  which  equivalence  depends  on  the  typing  context.  He  eliminates  the  context- 
sensitivity  by  tagging  each  path  with  its  enclosing  typing  context,  and  then  gives  a  rewriting  strategy  for 
this tagged system. Curien and Ghelli [5] gave a proof of decidability of term equivalence in $F_\le$ with
$\beta\eta$-reduction and a Top type. Because their Top type is both terminal and maximal, equivalence depends on
both the typing context and the type at which terms are compared. They eliminate context-sensitivity by
inserting explicit coercions to mark uses of subsumption and then give a rewriting strategy for the calculus
with coercions. Both Lillibridge's and Curien and Ghelli's approaches require an extra step to transfer
decidability results from this system without context-sensitivity back to the original systems.

Severi and Poll [15] study confluence and normalization of $\beta\delta$-reduction for a pure type system with
definitions (let bindings), where $\delta$ is the replacement of an occurrence of a variable with its definition. This
calculus  contains  no  notion  of  partial  definitions  and  no  subtyping. 

David Aspinall [1] studied a calculus $\lambda_{\le\{\}}$ with singleton types and $\beta$-equivalence. Labelled singletons
are primitive notions in this system; in the absence of $\eta$-equivalence the encoding of Section 2.3 does not
work.  He  conjectured  that  equivalence  in  this  system  was  decidable.  Karl  Crary  [4]  studied  an  extension  of 
_\nss  subtyping  and  power  kinds  and  also  conjectured  that  typechecking  was  decidable. 

7  Conclusion  and  Future  Work 

We have confirmed that $\beta\eta$-equivalence for well-formed constructors is decidable in the presence of singleton
kinds by providing a sound, complete, and terminating algorithm. This algorithm, with minor extensions
such as stopping early when constructors are found to be $\alpha$-equivalent, is used by the internal typechecker
of the TILT compiler.

Although the pattern of our logical relations proof is fairly standard, our formulation (in particular,
the equivalence relation involving two constructors, two kinds, and two worlds) appears novel, as is the
extension to subkinding and singleton kinds.

We  believe  that  our  proof  should  generalize  well  to  extensions  of  such  as  subtyping  and  power  kinds 
like those found in Crary's work. The technique may be applicable to other calculi, especially those with
context-sensitive  equivalence. 

We  are  currently  investigating  the  addition  of  singleton  types  to  the  TILT  compiler.  These  seem  a 
promising  formalized  vehicle  for  expressing  the  information  needed  by  cross-module  inlining  [2,  16]  and 
modeling  the  structure  sharing  feature  of  original  Standard  ML. 
A Rules for

Well-Formed Context: $\Gamma \vdash \text{ok}$

$\dfrac{}{\bullet \vdash \text{ok}}$ (1)

$\dfrac{\Gamma \vdash K \quad \alpha \notin \text{dom}(\Gamma)}{\Gamma, \alpha{:}K \vdash \text{ok}}$ (2)

Context  Equivalence 


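(3)

$\dfrac{\vdash \Gamma_1 = \Gamma_2 \quad \Gamma_1 \vdash K_1 = K_2 \quad \alpha \notin \text{dom}(\Gamma_1)}{\vdash \Gamma_1, \alpha{:}K_1 = \Gamma_2, \alpha{:}K_2}$ (4)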


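Well-Formed Kind: $\Gamma \vdash K$

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash T}$ (5)

$\dfrac{\Gamma \vdash A : T}{\Gamma \vdash S(A)}$ (6)

$\dfrac{\Gamma, \alpha{:}K' \vdash K''}{\Gamma \vdash \Pi\alpha{:}K'.K''}$ (7)

$\dfrac{\Gamma, \alpha{:}K' \vdash K''}{\Gamma \vdash \Sigma\alpha{:}K'.K''}$ (8)

Subkinding: $\Gamma \vdash K \le K'$

$\dfrac{\Gamma \vdash A : T}{\Gamma \vdash S(A) \le T}$ (9)

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash T \le T}$ (10)

$\dfrac{\Gamma \vdash A_1 = A_2 : T}{\Gamma \vdash S(A_1) \le S(A_2)}$ (11)

$\dfrac{\Gamma \vdash \Pi\alpha{:}K_1'.K_1'' \quad \Gamma \vdash K_2' \le K_1' \quad \Gamma, \alpha{:}K_2' \vdash K_1'' \le K_2''}{\Gamma \vdash \Pi\alpha{:}K_1'.K_1'' \le \Pi\alpha{:}K_2'.K_2''}$ (12)

$\dfrac{\Gamma \vdash \Sigma\alpha{:}K_2'.K_2'' \quad \Gamma \vdash K_1' \le K_2' \quad \Gamma, \alpha{:}K_1' \vdash K_1'' \le K_2''}{\Gamma \vdash \Sigma\alpha{:}K_1'.K_1'' \le \Sigma\alpha{:}K_2'.K_2''}$ (13)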
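Kind Equivalence: $\Gamma \vdash K_1 = K_2$

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash T = T}$ (14)

$\dfrac{\Gamma \vdash A_1 = A_2 : T}{\Gamma \vdash S(A_1) = S(A_2)}$ (15)

$\dfrac{\Gamma \vdash K_2' = K_1' \quad \Gamma, \alpha{:}K_1' \vdash K_1'' = K_2''}{\Gamma \vdash \Pi\alpha{:}K_1'.K_1'' = \Pi\alpha{:}K_2'.K_2''}$ (16)

$\dfrac{\Gamma \vdash K_1' = K_2' \quad \Gamma, \alpha{:}K_1' \vdash K_1'' = K_2''}{\Gamma \vdash \Sigma\alpha{:}K_1'.K_1'' = \Sigma\alpha{:}K_2'.K_2''}$ (17)

Well-Formed Constructor: $\Gamma \vdash A : K$

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash b_i : T}$ (18)

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash \alpha : \Gamma(\alpha)}$ (19)

$\dfrac{\Gamma, \alpha{:}K' \vdash A : K''}{\Gamma \vdash \lambda\alpha{:}K'.A : \Pi\alpha{:}K'.K''}$ (20)

$\dfrac{\Gamma \vdash A : \Pi\alpha{:}K'.K'' \quad \Gamma \vdash A' : K'}{\Gamma \vdash A A' : \{\alpha\mapsto A'\}K''}$ (21)

$\dfrac{\Gamma \vdash A : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_1 A : K'}$ (22)

$\dfrac{\Gamma \vdash A : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_2 A : \{\alpha\mapsto\pi_1 A\}K''}$ (23)

$\dfrac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \quad \Gamma \vdash A_1 : K' \quad \Gamma \vdash A_2 : \{\alpha\mapsto A_1\}K''}{\Gamma \vdash \langle A_1, A_2\rangle : \Sigma\alpha{:}K'.K''}$ (24)

$\dfrac{\Gamma \vdash A : T}{\Gamma \vdash A : S(A)}$ (25)

$\dfrac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \quad \Gamma \vdash \pi_1 A : K' \quad \Gamma \vdash \pi_2 A : \{\alpha\mapsto\pi_1 A\}K''}{\Gamma \vdash A : \Sigma\alpha{:}K'.K''}$ (26)

$\dfrac{\Gamma \vdash A : \Pi\alpha{:}K'.K_1'' \quad \Gamma, \alpha{:}K' \vdash A\alpha : K''}{\Gamma \vdash A : \Pi\alpha{:}K'.K''}$ (27)

$\dfrac{\Gamma \vdash A : K_1 \quad \Gamma \vdash K_1 \le K_2}{\Gamma \vdash A : K_2}$ (28)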
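Constructor Equivalence: $\Gamma \vdash A = A' : K$

$\dfrac{\Gamma, \alpha{:}K' \vdash A_1 = A_2 : K'' \quad \Gamma \vdash A_1' = A_2' : K'}{\Gamma \vdash (\lambda\alpha{:}K'.A_1)A_1' = \{\alpha\mapsto A_2'\}A_2 : \{\alpha\mapsto A_1'\}K''}$ (29)

$\dfrac{\Gamma \vdash A_1 : \Pi\alpha{:}K'.K_1'' \quad \Gamma \vdash A_2 : \Pi\alpha{:}K'.K_2'' \quad \Gamma, \alpha{:}K' \vdash A_1\alpha = A_2\alpha : K''}{\Gamma \vdash A_1 = A_2 : \Pi\alpha{:}K'.K''}$ (30)

$\dfrac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \quad \Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K' \quad \Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha\mapsto\pi_1 A_1\}K''}{\Gamma \vdash A_1 = A_2 : \Sigma\alpha{:}K'.K''}$ (31)

$\dfrac{\Gamma \vdash A_1 = A_1' : K_1 \quad \Gamma \vdash A_2 : K_2}{\Gamma \vdash \pi_1\langle A_1, A_2\rangle = A_1' : K_1}$ (32)

$\dfrac{\Gamma \vdash A_1 : K_1 \quad \Gamma \vdash A_2 = A_2' : K_2}{\Gamma \vdash \pi_2\langle A_1, A_2\rangle = A_2' : K_2}$ (33)

$\dfrac{\Gamma \vdash A : S(B)}{\Gamma \vdash A = B : T}$ (34)

$\dfrac{\Gamma \vdash A = B : T}{\Gamma \vdash A = B : S(A)}$ (35)

$\dfrac{\Gamma \vdash A' = A : K}{\Gamma \vdash A = A' : K}$ (36)

$\dfrac{\Gamma \vdash A = A' : K \quad \Gamma \vdash A' = A'' : K}{\Gamma \vdash A = A'' : K}$ (37)

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash b_i = b_i : T}$ (38)

$\dfrac{\Gamma \vdash \text{ok}}{\Gamma \vdash \alpha = \alpha : \Gamma(\alpha)}$ (39)

$\dfrac{\Gamma \vdash K_1' = K_2' \quad \Gamma, \alpha{:}K_1' \vdash A_1 = A_2 : K''}{\Gamma \vdash \lambda\alpha{:}K_1'.A_1 = \lambda\alpha{:}K_2'.A_2 : \Pi\alpha{:}K_1'.K''}$ (40)

$\dfrac{\Gamma \vdash A = A' : \Pi\alpha{:}K_1.K_2 \quad \Gamma \vdash A_1 = A_1' : K_1}{\Gamma \vdash A A_1 = A' A_1' : \{\alpha\mapsto A_1\}K_2}$ (41)

$\dfrac{\Gamma \vdash A_1 = A_2 : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_1 A_1 = \pi_1 A_2 : K'}$ (42)

$\dfrac{\Gamma \vdash A_1 = A_2 : \Sigma\alpha{:}K'.K''}{\Gamma \vdash \pi_2 A_1 = \pi_2 A_2 : \{\alpha\mapsto\pi_1 A_1\}K''}$ (43)

$\dfrac{\Gamma \vdash \Sigma\alpha{:}K'.K'' \quad \Gamma \vdash A_1' = A_2' : K' \quad \Gamma \vdash A_1'' = A_2'' : \{\alpha\mapsto A_1'\}K''}{\Gamma \vdash \langle A_1', A_1''\rangle = \langle A_2', A_2''\rangle : \Sigma\alpha{:}K'.K''}$ (44)

$\dfrac{\Gamma \vdash A_1 = A_2 : K \quad \Gamma \vdash K \le K'}{\Gamma \vdash A_1 = A_2 : K'}$ (45)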
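• $K_1$ is $K_2$ $[\Delta]$ iff

1. $\Delta \vdash \text{ok}$

2. And,

- $K_1 = T$ and $K_2 = T$

- Or, $K_1 = S(A_1)$ and $K_2 = S(A_2)$ and $A_1$ is $A_2$ in $T$ $[\Delta]$,

- Or, $K_1 = \Pi\alpha{:}K_1'.K_1''$ and $K_2 = \Pi\alpha{:}K_2'.K_2''$ and $K_1'$ is $K_2'$ $[\Delta]$ and $\forall\Delta' \succeq \Delta$ if
$A_1$ is $A_2$ in $K_1'$ $[\Delta']$ then $\{\alpha\mapsto A_1\}K_1''$ is $\{\alpha\mapsto A_2\}K_2''$ $[\Delta']$

- Or, $K_1 = \Sigma\alpha{:}K_1'.K_1''$ and $K_2 = \Sigma\alpha{:}K_2'.K_2''$ and $K_1'$ is $K_2'$ $[\Delta]$ and $\forall\Delta' \succeq \Delta$ if
$A_1$ is $A_2$ in $K_1'$ $[\Delta']$ then $\{\alpha\mapsto A_1\}K_1''$ is $\{\alpha\mapsto A_2\}K_2''$ $[\Delta']$

• $A_1$ is $A_2$ in $K$ $[\Delta]$ iff

1. $\Delta \vdash A_1 : K$

2. And, $\Delta \vdash A_2 : K$

3. And, $\Delta \vdash A_1 = A_2 : K$

• $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ iff

1. $\Delta \vdash \text{ok}$

2. And, $\forall\alpha \in \text{dom}(\Gamma)$. $\gamma_1(\Gamma\alpha)$ is $\gamma_2(\Gamma\alpha)$ $[\Delta]$

3. And, $\forall\alpha \in \text{dom}(\Gamma)$. $\gamma_1\alpha$ is $\gamma_2\alpha$ in $\gamma_1(\Gamma\alpha)$ $[\Delta]$.

Figure 9: Logical Relations for Declarative Properties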


B  Declarative  Properties  of 

To  prove  many  of  the  important  properties  of  the  declarative  system,  we  use  a  Kripke  logical  relations 
argument  with  a  more  standard  form  than  that  used  in  the  main  paper  to  prove  completeness.  The  definition 
of  the  relations  is  shown  in  Figure  9.  As  in  the  main  paper,  a  Kripke  world  A  is  a  context,  and  worlds  are 
ordered  by  the  prefix  ordering. 

The  logical  relations  in  Figure  9  are  not  used  outside  this  section,  and  should  not  be  confused  with  the 
logical  relations  of  Section  4.  (It  seems  possible  that  the  two  logical  relations  arguments  could  be  combined 
into  one,  as  in  Coquand’s  work,  but  we  have  decided  to  keep  them  separate  for  this  presentation.) 

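Lemma B.1

1. If $\Gamma \vdash \mathcal{J}$ then there is a subderivation $\Gamma \vdash \text{ok}$.

2. If $\Gamma_1, \alpha{:}K, \Gamma_2 \vdash \mathcal{J}$ then there is a subderivation $\Gamma_1 \vdash K$.

Proof: By induction on derivations. ■

Lemma B.2 (Reflexivity)

1. If $\Gamma \vdash K$ then $\Gamma \vdash K = K$.

2. If $\Gamma \vdash K$ then $\Gamma \vdash K \le K$.

3. If $\Gamma \vdash A : K$ then $\Gamma \vdash A = A : K$.

Lemma B.3 (Weakening 1)

1. If $\Gamma_1, \Gamma_3 \vdash \mathcal{J}$ and $\Gamma_1, \Gamma_2, \Gamma_3 \vdash \text{ok}$ then $\Gamma_1, \Gamma_2, \Gamma_3 \vdash \mathcal{J}$.

2. If $\Gamma_1, \alpha{:}K_2, \Gamma_2 \vdash \mathcal{J}$, $\Gamma_1 \vdash K_1 \le K_2$, and $\Gamma_1 \vdash K_1$ then $\Gamma_1, \alpha{:}K_1, \Gamma_2 \vdash \mathcal{J}$.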
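Lemma B.4 (Substitution)

1. If $\Gamma \vdash \mathcal{J}$, $\Delta \vdash \text{ok}$, and $(\forall\alpha \in \text{dom}(\Gamma).\ \Delta \vdash \gamma\alpha : \gamma(\Gamma(\alpha)))$ then $\Delta \vdash \gamma(\mathcal{J})$.

2. If $\Gamma_1, \alpha{:}K, \Gamma_2 \vdash \mathcal{J}$ and $\Gamma_1 \vdash A : K$ then $\Gamma_1, \{\alpha\mapsto A\}\Gamma_2 \vdash \{\alpha\mapsto A\}\mathcal{J}$

Proof:

1. By induction on derivations.

2. By Part 1.

■

Lemma B.5

The logical relations in Figure 9 are monotone (preserved under world extension).

Lemma B.6

If $K_1$ is $K_2$ $[\Delta]$ then $\Delta \vdash K_1 = K_2$, $\Delta \vdash K_1 \le K_2$, $\Delta \vdash K_2 \le K_1$, $\Delta \vdash K_1$, and $\Delta \vdash K_2$.

Proof: [By induction on the size of kinds]

• Case: $T$ is $T$ $[\Delta]$.

Follows by $\Delta \vdash \text{ok}$.

• Case: $S(A_1)$ is $S(A_2)$ $[\Delta]$.

1. Then $A_1$ is $A_2$ in $T$ $[\Delta]$,

2. so $\Delta \vdash A_1 = A_2 : T$, $\Delta \vdash A_1 : T$, and $\Delta \vdash A_2 : T$.

3. The desired results follow.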

•  Case:  Tia:K[.K(!  is  [A]. 

1.  K[  is  K!,  [A], 

2.  so  by  the  inductive  hypothesis  K[=  A  h  Ki  <  K21  ^  ^  ^  ^  P  ^  ^  -^2- 

3.  Then  A,  a:K[  h  ok, 

4.  so  A^a:K[  \-  a  ^  a  :  K[  and  A,a\Ki  a  :  K[. 

5.  Thus  a  is  a  in  Ki  [A, 

6.  and  K”  is  K2  [A^caiK^]. 

7.  By  the  inductive  hypothesis,  A,a:K[  h  K”  =  /i^2^  A,a:/f(  h  K”  <  K21  A,a:i^i  h  K2  <  K”^ 

A,ot:K[  h  /rr,  and  A,a:K[  h 

8.  Thus  A  h  Iia:K[.K^^  =  A  h  and  A  h  Iia:K!2.K^  < 

9.  By  Weakening,  A\a:K2  h  <  K2  and  A,a:/t"2  P  ^^2- 

10.  Therefore  A  h  U(y:Ki.K['  <  UaiK^.K^'  and  A  h  Ua:K^.K^\ 

• Case: $\Sigma\alpha{:}K_1'.K_1''$ is $\Sigma\alpha{:}K_2'.K_2''$ $[\Delta]$.

Essentially the same argument as in the $\Pi$ case.

■ 


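Corollary B.7

If $A_1$ is $A_2$ in $K_1$ $[\Delta]$ and $K_1$ is $K_2$ $[\Delta]$ then $A_1$ is $A_2$ in $K_2$ $[\Delta]$.

Lemma B.8

1. If $A_1$ is $A_2$ in $K$ $[\Delta]$ then $A_2$ is $A_1$ in $K$ $[\Delta]$.

2. If $A_1$ is $A_2$ in $K$ $[\Delta]$ and $A_2$ is $A_3$ in $K$ $[\Delta]$ then $A_1$ is $A_3$ in $K$ $[\Delta]$.

3. If $K_1$ is $K_2$ $[\Delta]$ then $K_2$ is $K_1$ $[\Delta]$.

4. If $K_1$ is $K_2$ $[\Delta]$ and $K_2$ is $K_3$ $[\Delta]$ then $K_1$ is $K_3$ $[\Delta]$.

5. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ then $\gamma_2$ is $\gamma_1$ in $\Gamma$ $[\Delta]$.

6. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\gamma_2$ is $\gamma_3$ in $\Gamma$ $[\Delta]$ then $\gamma_1$ is $\gamma_3$ in $\Gamma$ $[\Delta]$.

Proof:

1. By the symmetry rule for constructor equivalence.

2. By the transitivity rule for constructor equivalence.

3. By induction on the sizes of kinds.

• Case: $T$ is $T$ $[\Delta]$. Trivial.

• Case: $S(A_1)$ is $S(A_2)$ $[\Delta]$. Follows by Part 1.

• Case: $\Pi\alpha{:}K_1'.K_1''$ is $\Pi\alpha{:}K_2'.K_2''$ $[\Delta]$.

(a) $K_1'$ is $K_2'$ $[\Delta]$, so by the inductive hypothesis $K_2'$ is $K_1'$ $[\Delta]$.

(b) Let $\Delta' \succeq \Delta$ be given and assume $A_2$ is $A_1$ in $K_2'$ $[\Delta']$.

(c) By Part 1, $A_1$ is $A_2$ in $K_2'$ $[\Delta']$.

(d) By Corollary B.7, $A_1$ is $A_2$ in $K_1'$ $[\Delta']$.

(e) Then $\{\alpha\mapsto A_1\}K_1''$ is $\{\alpha\mapsto A_2\}K_2''$ $[\Delta']$.

(f) By the inductive hypothesis, $\{\alpha\mapsto A_2\}K_2''$ is $\{\alpha\mapsto A_1\}K_1''$ $[\Delta']$.

(g) Therefore, $\Pi\alpha{:}K_2'.K_2''$ is $\Pi\alpha{:}K_1'.K_1''$ $[\Delta]$.

• Case: $\Sigma\alpha{:}K_1'.K_1''$ is $\Sigma\alpha{:}K_2'.K_2''$ $[\Delta]$. Same as previous case.

4. By induction on the sizes of types.

• Case: $K_1 = K_2 = K_3 = T$. Trivial.

• Case: $K_1 = S(A_1)$, $K_2 = S(A_2)$, and $K_3 = S(A_3)$. Follows by Part 2.

• Case: $K_1 = \Pi\alpha{:}K_1'.K_1''$, $K_2 = \Pi\alpha{:}K_2'.K_2''$, and $K_3 = \Pi\alpha{:}K_3'.K_3''$.

(a) $K_1'$ is $K_2'$ $[\Delta]$ and $K_2'$ is $K_3'$ $[\Delta]$,

(b) so by the inductive hypothesis $K_1'$ is $K_3'$ $[\Delta]$.

(c) Let $\Delta' \succeq \Delta$ and assume $A_1$ is $A_3$ in $K_1'$ $[\Delta']$.

(d) By Parts 1 and 2, $A_1$ is $A_1$ in $K_1'$ $[\Delta']$.

(e) By Corollary B.7, $A_1$ is $A_3$ in $K_2'$ $[\Delta']$.

(f) Thus $\{\alpha\mapsto A_1\}K_1''$ is $\{\alpha\mapsto A_1\}K_2''$ $[\Delta']$

(g) and $\{\alpha\mapsto A_1\}K_2''$ is $\{\alpha\mapsto A_3\}K_3''$ $[\Delta']$.

(h) By the inductive hypothesis, $\{\alpha\mapsto A_1\}K_1''$ is $\{\alpha\mapsto A_3\}K_3''$ $[\Delta']$.

(i) Therefore, $K_1$ is $K_3$ $[\Delta]$.

• Case: $K_1 = \Sigma\alpha{:}K_1'.K_1''$, $K_2 = \Sigma\alpha{:}K_2'.K_2''$, and $K_3 = \Sigma\alpha{:}K_3'.K_3''$. Same proof as in the $\Pi$ case.

5. By Parts 1 and 3 and Corollary B.7.

6. By Parts 2, 4, 5, and Corollary B.7.

■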

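Theorem B.9

1. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\Gamma \vdash A_1 = A_2 : K$ then $\gamma_1 A_1$ is $\gamma_2 A_2$ in $\gamma_1 K$ $[\Delta]$ and $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.

2. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\Gamma \vdash A : K$ then $\gamma_1 A$ is $\gamma_2 A$ in $\gamma_1 K$ $[\Delta]$ and $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.

3. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\Gamma \vdash K$ then $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.

4. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\Gamma \vdash K_1 \le K_2$ then $\gamma_1 K_1$ is $\gamma_2 K_1$ $[\Delta]$, $\gamma_1 K_2$ is $\gamma_2 K_2$ $[\Delta]$, and $\Delta \vdash \gamma_1 K_1 \le \gamma_2 K_2$.

5. If $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$ and $\Gamma \vdash K_1 = K_2$ then $\gamma_1 K_1$ is $\gamma_2 K_2$ $[\Delta]$.

Proof:

• Case: Rule 5. $T$ is $T$ $[\Delta]$ because $\Delta \vdash \text{ok}$.

• Case: Rule 6.

1. By the inductive hypothesis, $\gamma_1 A$ is $\gamma_2 A$ in $T$ $[\Delta]$.

2. Therefore, $S(\gamma_1 A)$ is $S(\gamma_2 A)$ $[\Delta]$.

• Case: Rule 7.

1. By Lemma B.1 there exists a strict subderivation $\Gamma \vdash K'$.

2. By the inductive hypothesis, $\gamma_1 K'$ is $\gamma_2 K'$ $[\Delta]$.

3. Let $\Delta' \succeq \Delta$ and assume $A_1$ is $A_2$ in $\gamma_1 K'$ $[\Delta']$.

4. By monotonicity, $\gamma_1[\alpha\mapsto A_1]$ is $\gamma_2[\alpha\mapsto A_2]$ in $\Gamma, \alpha{:}K'$ $[\Delta']$.

5. By the inductive hypothesis, $(\gamma_1[\alpha\mapsto A_1])K''$ is $(\gamma_2[\alpha\mapsto A_2])K''$ $[\Delta']$.

6. That is, $\{\alpha\mapsto A_1\}(\gamma_1[\alpha\mapsto\alpha]K'')$ is $\{\alpha\mapsto A_2\}(\gamma_2[\alpha\mapsto\alpha]K'')$ $[\Delta']$.

7. Therefore, $\gamma_1(\Pi\alpha{:}K'.K'')$ is $\gamma_2(\Pi\alpha{:}K'.K'')$ $[\Delta]$.

• Case: Rule 8. Same argument as for previous rule.

• Case: Subkinding and kind equivalence rules. Straightforward.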

•  Case:  Constructor  validity  rules.  Essentially  the  same  as  reflexive  instances  of  the  constructor  equivalence 
rules. 

•  Case:  Rule  29. 

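1. As in Rule 40, $\Delta \vdash \gamma_1(\lambda\alpha{:}K'.A_1) : \gamma_1(\Pi\alpha{:}K'.K'')$

2. and $\gamma_1(\Pi\alpha{:}K'.K'')$ is $\gamma_2(\Pi\alpha{:}K'.K'')$ $[\Delta]$.

3. By the inductive hypothesis, $\Delta \vdash \gamma_1 A_1 : \gamma_1 K'$.

4. Thus $\Delta \vdash \gamma_1((\lambda\alpha{:}K'.A_1)A_1) : \gamma_1(\{\alpha \mapsto A_1\}K'')$.

5. By the inductive hypothesis, $\gamma_1 A_1$ is $\gamma_2 A_2$ in $\gamma_1 K'$ $[\Delta]$.

6. Thus $\gamma_1[\alpha \mapsto \gamma_1 A_1]$ is $\gamma_2[\alpha \mapsto \gamma_2 A_2]$ in $\Gamma, \alpha{:}K'$ $[\Delta]$.

7. By the inductive hypothesis, $\Delta \vdash (\gamma_2[\alpha \mapsto \gamma_2 A_1])A_2 : (\gamma_1[\alpha \mapsto \gamma_1 A_1])K''$.

8. $\gamma_1[\alpha \mapsto \alpha]$ is $\gamma_2[\alpha \mapsto \alpha]$ in $\Gamma, \alpha{:}K'$ $[\Delta, \alpha{:}\gamma_1 K']$.

9. By the inductive hypothesis, $\gamma_1[\alpha \mapsto \alpha]A_1$ is $\gamma_2[\alpha \mapsto \alpha]A_2$ in $\gamma_1$ $[\Delta, \alpha{:}\gamma_1 K']$.

10. Thus $\Delta \vdash \gamma_1((\lambda\alpha{:}K'.A_1)A_1) = \gamma_2(\{\alpha \mapsto A_1\}A_2) : \gamma_1(\{\alpha \mapsto A_1\}K'')$.

11. Finally, $\gamma_1 A_1$ is $\gamma_2 A_1$ in $\gamma_1 K'$ $[\Delta]$

12. so $\gamma_1(\{\alpha \mapsto A_1\}K'')$ is $\gamma_2(\{\alpha \mapsto A_1\}K'')$ $[\Delta]$.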

•  Case:  Rule  30. 

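1. As in the argument for Rule 7, $\gamma_1(\Pi\alpha{:}K'.K'')$ is $\gamma_2(\Pi\alpha{:}K'.K'')$ $[\Delta]$.

2. In particular, by Lemma B.1 there is a strict subderivation $\Gamma \vdash K'$.

3. By the inductive hypothesis $\gamma_1 K'$ is $\gamma_2 K'$ $[\Delta]$.

4. Also using the inductive hypothesis and Lemma B.6, $\Delta \vdash \gamma_1 A_1 : \gamma_1(\Pi\alpha{:}K'.K'')$

5. and $\Delta \vdash \gamma_2 A_1 : \gamma_1(\Pi\alpha{:}K'.K_1)$.

6. By Lemma B.6, $\Delta \vdash \gamma_1 K'$, so $\Delta, \alpha{:}\gamma_1 K' \vdash \text{ok}$.

7. By monotonicity, $\gamma_1[\alpha \mapsto \alpha]$ is $\gamma_2[\alpha \mapsto \alpha]$ in $\Gamma, \alpha{:}K'$ $[\Delta, \alpha{:}\gamma_1 K']$.

8. By the inductive hypothesis, $(\gamma_1 A_1)\alpha$ is $(\gamma_2 A_2)\alpha$ in $\gamma_1[\alpha \mapsto \alpha]K''$ $[\Delta, \alpha{:}\gamma_1 K']$

9. Thus $\Delta, \alpha{:}\gamma_1 K' \vdash (\gamma_1 A_1)\alpha = (\gamma_2 A_2)\alpha : \gamma_1[\alpha \mapsto \alpha]K''$

10. $\Delta, \alpha{:}\gamma_1 K' \vdash (\gamma_1 A_1)\alpha : \gamma_1[\alpha \mapsto \alpha]K''$,

11. and $\Delta, \alpha{:}\gamma_1 K' \vdash (\gamma_2 A_2)\alpha : \gamma_1[\alpha \mapsto \alpha]K''$.

12. Thus $\Delta \vdash \gamma_1 A_1 : \gamma_1(\Pi\alpha{:}K'.K'')$,

13. $\Delta \vdash \gamma_2 A_2 : \gamma_1(\Pi\alpha{:}K'.K'')$,

14. and $\Delta \vdash \gamma_1 A_1 = \gamma_2 A_2 :$

15. Therefore $\gamma_1 A_1$ is $\gamma_2 A_2$ in $\gamma_1(\Pi\alpha{:}K'.K'')$ $[\Delta]$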
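• Case: Rule 31.

1. By the inductive hypothesis, $\gamma_1(\Sigma\alpha{:}K'.K'')$ is $\gamma_2(\Sigma\alpha{:}K'.K'')$ $[\Delta]$,

2. $\pi_1(\gamma_1 A_1)$ is $\pi_1(\gamma_2 A_2)$ in $\gamma_1 K'$ $[\Delta]$,

3. and $\pi_2(\gamma_1 A_1)$ is $\pi_2(\gamma_2 A_2)$ in $\gamma_1(\{\alpha \mapsto \pi_1 A_1\}K'')$ $[\Delta]$.

4. Thus $\Delta \vdash \gamma_1 A_1 = \gamma_2 A_2 : \gamma_1(\Sigma\alpha{:}K'.K'')$,

5. and $\Delta \vdash \gamma_1 A_1 :$

6. Also, $\gamma_1(\{\alpha \mapsto \pi_1 A_1\}K'')$ is $\gamma_2(\{\alpha \mapsto \pi_1 A_2\}K'')$ $[\Delta]$,

7. so by subsumption $\Delta \vdash \gamma_2(\pi_2 A_2) : \gamma_2(\{\alpha \mapsto \pi_1 A_2\}K'')$.

8. Similarly, $\gamma_1 K'$ is $\gamma_2 K'$ $[\Delta]$

9. so by subsumption $\Delta \vdash \gamma_2(\pi_1 A_2) : \gamma_2 K'$.

10. Then $\Delta \vdash \gamma_2 A_2 : \gamma_2(\Sigma\alpha{:}K'.K'')$

11. and by subsumption, $\Delta \vdash \gamma_2 A_2 : \gamma_1(\Sigma\alpha{:}K'.K'')$.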

•  Case:  Rule  32. 

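1. By the inductive hypotheses, $\gamma_1 A_1$ is $\gamma_2 A_1$ in $\gamma_1 K_1$ $[\Delta]$,

2. $\gamma_1 K_1$ is $\gamma_2 K_1$ $[\Delta]$,

3. and $\gamma_1 A_2$ is $\gamma_2 A_2$ in $\gamma_1 K_2$ $[\Delta]$.

4. Thus $\Delta \vdash \gamma_1 A_1 = \gamma_2 A_1 : \gamma_1 K_1$,

5. $\Delta \vdash \gamma_1 A_1 : \gamma_1 K_1$,

6. $\Delta \vdash \gamma_2 A_1 : \gamma_1 K_1$,

7. and $\Delta \vdash \gamma_1 A_2 : \gamma_1 K_2$.

8. Then $\Delta \vdash \gamma_1\langle A_1, A_2\rangle : \gamma_1(K_1 \times K_2)$,

9. so $\Delta \vdash \gamma_1(\pi_1\langle A_1, A_2\rangle) : \gamma_1 K_1$.

10. Also, $\Delta \vdash \gamma_1(\pi_1\langle A_1, A_2\rangle) = \gamma_2 A_1 : \gamma_1 K_1$,

11. so $\gamma_1(\pi_1\langle A_1, A_2\rangle)$ is $\gamma_2 A_1$ in $\gamma_1 K_1$ $[\Delta]$.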

•  Case:  Rule  33.  Similar  proof  as  in  previous  case. 

•  Case:  Rule  34. 

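1. By the inductive hypothesis $\Delta \vdash \gamma_1 A = \gamma_2 A : S(\gamma_1 B)$,

2. $\Delta \vdash \gamma_1 A : S(\gamma_1 B)$,

3. $\Delta \vdash \gamma_2 A : S(\gamma_1 B)$,

4. and $S(\gamma_1 B)$ is $S(\gamma_2 B)$ $[\Delta]$.

5. Thus $\Delta \vdash \gamma_1 B = \gamma_2 B : T$

6. and $\Delta \vdash \gamma_2 B : T$.

7. $\Delta \vdash \gamma_1 A = \gamma_1 B : T$.

8. By transitivity, $\Delta \vdash \gamma_1 A = \gamma_2 B : T$.

9. By subsumption $\Delta \vdash \gamma_1 A : T$.

10. Finally, $T$ is $T$ $[\Delta]$.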

•  Case:  Rule  35. 

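1. By the inductive hypothesis $\gamma_1 A$ is $\gamma_2 B$ in $T$ $[\Delta]$

2. so $\Delta \vdash \gamma_1 A = \gamma_2 B : T$,

3. $\Delta \vdash \gamma_1 A : T$,

4. and $\Delta \vdash \gamma_2 B : T$.

5. Then $\Delta \vdash \gamma_1 A = \gamma_2 B : S(\gamma_1 A)$,

6. $\Delta \vdash \gamma_1 A : S(\gamma_1 A)$,

7. and $\Delta \vdash \gamma_2 B : S(\gamma_2 B)$.

8. But $\Delta \vdash S(\gamma_2 B) \leq S(\gamma_1 A)$

9. so by subsumption $\Delta \vdash \gamma_2 B : S(\gamma_1 A)$.

10. Finally, by the IH and transitivity and symmetry, $\gamma_1 A$ is $\gamma_2 A$ in $T$ $[\Delta]$

11. so $S(\gamma_1 A)$ is $S(\gamma_2 A)$ $[\Delta]$.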

•  Case:  Rule  36. 

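1. $\gamma_2$ is $\gamma_1$ in $\Gamma$ $[\Delta]$.

2. By the inductive hypothesis, $\gamma_2 A'$ is $\gamma_1 A$ in $\gamma_2 K$ $[\Delta]$

3. and $\gamma_2 K$ is $\gamma_1 K$ $[\Delta]$.

4. Thus $\Delta \vdash \gamma_2 K = \gamma_1 K$.

5. By Corollary B.7 and symmetry, $\gamma_1 A$ is $\gamma_2 A'$ in $\gamma_1 K$ $[\Delta]$.

6. By symmetry, $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.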

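• Case: Rule 37.

1. $\gamma_1$ is $\gamma_1$ in $\Gamma$ $[\Delta]$.

2. By the inductive hypothesis, $\gamma_1 A$ is $\gamma_1 A'$ in $\gamma_1 K$ $[\Delta]$,

3. $\gamma_1 A'$ is $\gamma_2 A''$ in $\gamma_1 K$ $[\Delta]$,

4. and $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.

5. By transitivity, $\gamma_1 A$ is $\gamma_2 A''$ in $\gamma_1 K$ $[\Delta]$.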

•  Case:  Rule  38. 

1. Since $\Delta \vdash \text{ok}$, we have $\Delta \vdash b = b : T$ and $\Delta \vdash b : T$.

2. Also, $T$ is $T$ $[\Delta]$.

•  Case:  Rule  39.  By  assumption. 

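• Case: Rule 40.

1. By the inductive hypothesis, $\gamma_1 K'$ is $\gamma_2 K'$ $[\Delta]$,

2. As in the proof for Rule 7, we have $\gamma_1(\Pi\alpha{:}K'.K'')$ is $\gamma_2(\Pi\alpha{:}K'.K'')$ $[\Delta]$.

3. Now $\gamma_1[\alpha \mapsto \alpha]$ is $\gamma_2[\alpha \mapsto \alpha]$ in $\Gamma, \alpha{:}K'$ $[\Delta, \alpha{:}\gamma_1 K']$.

4. By the inductive hypothesis, $(\gamma_1[\alpha \mapsto \alpha])A_1$ is $(\gamma_2[\alpha \mapsto \alpha])A_2$ in $(\gamma_1[\alpha \mapsto \alpha])K''$ $[\Delta, \alpha{:}\gamma_1 K']$,

5. so $\Delta, \alpha{:}\gamma_1 K' \vdash (\gamma_1[\alpha \mapsto \alpha])A_1 = (\gamma_2[\alpha \mapsto \alpha])A_2 : (\gamma_1[\alpha \mapsto \alpha])K''$,

6. and $\Delta, \alpha{:}\gamma_1 K' \vdash (\gamma_1[\alpha \mapsto \alpha])A_1 : (\gamma_1[\alpha \mapsto \alpha])K''$.

7. Thus $\Delta \vdash \lambda\alpha{:}\gamma_1 K'.(\gamma_1[\alpha \mapsto \alpha])A_1 = \lambda\alpha{:}\gamma_2 K'.(\gamma_2[\alpha \mapsto \alpha])A_2 : \gamma_1(\Pi\alpha{:}K'.K'')$

8. and $\Delta \vdash \lambda\alpha{:}\gamma_1 K'.(\gamma_1[\alpha \mapsto \alpha])A_1 : \gamma_1(\Pi\alpha{:}K'.K'')$.

9. Similarly, $\gamma_2[\alpha \mapsto \alpha]$ is $\gamma_1[\alpha \mapsto \alpha]$ in $\Gamma, \alpha{:}K'$ $[\Delta, \alpha{:}\gamma_2 K']$

10. So by the inductive hypothesis $\vdash \gamma_2[\alpha \mapsto \alpha]A_2 : \gamma_2[\alpha \mapsto \alpha]K''$.

11. Then $\Delta \vdash \lambda\alpha{:}\gamma_2 K'.(\gamma_2[\alpha \mapsto \alpha])A_2 : \gamma_2(\Pi\alpha{:}K'.K'')$

12. and by subsumption $\Delta \vdash \lambda\alpha{:}\gamma_2 K'.(\gamma_2[\alpha \mapsto \alpha])A_2 : \gamma_1(\Pi\alpha{:}K'.K'')$.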

•  Case:  Rule  41. 

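1. By the inductive hypothesis $\gamma_1 A$ is $\gamma_2 A'$ in $\gamma_1(\Pi\alpha{:}K_1.K_2)$ $[\Delta]$,

2. $\gamma_1 A_1$ is $\gamma_2 A_1'$ in $\gamma_1 K_1$ $[\Delta]$,

3. and $\gamma_1(\Pi\alpha{:}K_1.K_2)$ is $\gamma_2(\Pi\alpha{:}K_1.K_2)$ $[\Delta]$.

4. Thus $\Delta \vdash \gamma_1(A A_1) = \gamma_2(A' A_1') : \gamma_1(\{\alpha \mapsto A_1\}K_2)$.

5. $\Delta \vdash \gamma_1(A A_1) : \gamma_1(\{\alpha \mapsto A_1\}K_2)$,

6. $\Delta \vdash \gamma_2(A' A_1') : \{\alpha \mapsto \gamma_2 A_1'\}(\gamma_1[\alpha \mapsto \alpha]K_2)$.

7. But $\gamma_2 A_1'$ is $\gamma_2 A_1$ in $\gamma_2 K_1$ $[\Delta]$

8. so $\{\alpha \mapsto \gamma_2 A_1'\}(\gamma_1[\alpha \mapsto \alpha]K_2)$ is $\gamma_2(\{\alpha \mapsto A_1'\}K_2)$ $[\Delta]$,

9. and by subsumption $\Delta \vdash \gamma_2(A' A_1') : \gamma_1(\{\alpha \mapsto A_1\}K_2)$.

10. Finally, $\gamma_1(\{\alpha \mapsto A_1\}K_2)$ is $\gamma_2(\{\alpha \mapsto A_1\}K_2)$ $[\Delta]$.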

•  Rule  42. 

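1. By the inductive hypothesis, $\gamma_1 A_1$ is $\gamma_2 A_2$ in $\gamma_1(\Sigma\alpha{:}K'.K'')$ $[\Delta]$

2. and $\gamma_1(\Sigma\alpha{:}K'.K'')$ is $\gamma_2(\Sigma\alpha{:}K'.K'')$ $[\Delta]$.

3. Thus $\Delta \vdash \gamma_1(\pi_1 A_1) = \gamma_2(\pi_1 A_2) : \gamma_1 K'$,

4. $\Delta \vdash \gamma_1(\pi_1 A_1) : \gamma_1 K'$,

5. $\Delta \vdash \gamma_2(\pi_1 A_2) : \gamma_1 K'$,

6. and $\gamma_1 K'$ is $\gamma_2 K'$ $[\Delta]$.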

•  Rule  43 

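1. As in the previous case, $\gamma_1(\Sigma\alpha{:}K'.K'')$ is $\gamma_2(\Sigma\alpha{:}K'.K'')$ $[\Delta]$,

2. $\gamma_1 A_1$ is $\gamma_2 A_2$ in $\gamma_1(\Sigma\alpha{:}K'.K'')$ $[\Delta]$,

3. and $\gamma_1(\pi_1 A_1)$ is $\gamma_2(\pi_1 A_2)$ in $\gamma_1 K'$ $[\Delta]$.

4. and $\gamma_1(\Sigma\alpha{:}K'.K'')$ is $\gamma_2(\Sigma\alpha{:}K'.K'')$ $[\Delta]$.

5. Also, $\Delta \vdash \gamma_1(\pi_2 A_1) = \gamma_2(\pi_2 A_2) : \gamma_1(\{\alpha \mapsto \pi_1 A_1\}K'')$,

6. $\Delta \vdash \gamma_1(\pi_2 A_1) : \gamma_1(\{\alpha \mapsto \pi_1 A_1\}K'')$,

7. and $\Delta \vdash \gamma_2(\pi_2 A_2) : \{\alpha \mapsto \gamma_2(\pi_1 A_1)\}(\gamma_1[\alpha \mapsto \alpha]K'')$.

8. But $\gamma_1(\Sigma\alpha{:}K'.K'')$ is $\gamma_1(\Sigma\alpha{:}K'.K'')$ $[\Delta]$,

9. so $\{\alpha \mapsto \gamma_1(\pi_1 A_1)\}(\gamma_1[\alpha \mapsto \alpha]K'')$ is $\{\alpha \mapsto \gamma_2(\pi_1 A_1)\}(\gamma_1[\alpha \mapsto \alpha]K'')$ $[\Delta]$.

10. By subsumption, then, $\Delta \vdash \gamma_2(\pi_2 A_2) : \gamma_2(\{\alpha \mapsto \pi_1 A_1\}K'')$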

•  Case:  Rule  44.  Follows  easily  by  the  inductive  hypotheses. 

•  Case:  Rule  45.  Follows  easily  by  the  inductive  hypotheses. 

■ 

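Lemma B.10

If $\Gamma \vdash \text{ok}$, $\Delta \vdash \text{ok}$, and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma\alpha))$ then $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$.

Proof: By induction on $\Gamma \vdash \text{ok}$.

• Case: Rule 1. Follows by $\Delta \vdash \text{ok}$; the other conditions are vacuously true.

• Case: Rule 2.

1. By Lemma B.1 there is a strict subderivation $\Gamma \vdash \text{ok}$.

2. By the inductive hypothesis, $\gamma_1$ is $\gamma_2$ in $\Gamma$ $[\Delta]$.

3. By Theorem B.9, $\gamma_1 K$ is $\gamma_2 K$ $[\Delta]$.

4. Therefore, $\gamma_1$ is $\gamma_2$ in $\Gamma, \alpha{:}K$ $[\Delta]$.

■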

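Corollary B.11 (Functionality)

1. If $\Gamma \vdash K$ and $\Delta \vdash \text{ok}$ and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma(\alpha)))$ then $\Delta \vdash \gamma_1 K = \gamma_2 K$.

2. If $\Gamma \vdash K_1 = K_2$ and $\Delta \vdash \text{ok}$ and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma(\alpha)))$ then $\Delta \vdash \gamma_1 K_1 = \gamma_2 K_2$.

3. If $\Gamma \vdash K_1 \leq K_2$ and $\Delta \vdash \text{ok}$ and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma(\alpha)))$ then $\Delta \vdash \gamma_1 K_1 \leq \gamma_2 K_2$.

4. If $\Gamma \vdash A : K$ and $\Delta \vdash \text{ok}$ and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma(\alpha)))$ then $\Delta \vdash \gamma_1 A = \gamma_2 A : \gamma_1 K$.

5. If $\Gamma \vdash A_1 = A_2 : K$ and $\Delta \vdash \text{ok}$ and $(\forall \alpha \in \mathrm{dom}(\Gamma).\ \Delta \vdash \gamma_1\alpha = \gamma_2\alpha : \gamma_1(\Gamma(\alpha)))$ then $\Delta \vdash \gamma_1 A_1 = \gamma_2 A_2 : \gamma_1 K$.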


Corollary  B.12  (Validity) 

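1. If $\Gamma \vdash A_1 = A_2 : K$ then $\Gamma \vdash A_1 : K$, $\Gamma \vdash A_2 : K$, and $\Gamma \vdash K$.

2. If $\Gamma \vdash A : K$ then $\Gamma \vdash K$.

3. If $\Gamma \vdash K_1 \leq K_2$ then $\Gamma \vdash K_1$ and $\Gamma \vdash K_2$.

4. If $\Gamma \vdash K_1 = K_2$ then $\Gamma \vdash K_1$ and $\Gamma \vdash K_2$.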

Corollary  B.13  (Weakening  2) 

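1. If $\Gamma_1, \alpha{:}K_2, \Gamma_2 \vdash \mathcal{J}$ and $\Gamma_1 \vdash K_1 \leq K_2$ then $\Gamma_1, \alpha{:}K_1, \Gamma_2 \vdash \mathcal{J}$.

2. If $\Gamma \vdash \mathcal{J}$ and $\vdash \Gamma = \Gamma'$ then $\Gamma' \vdash \mathcal{J}$.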

Corollary  B.14 

Kind equivalence is symmetric, transitive, and reflexive on well-formed types, while subkinding is transitive
and reflexive on well-formed kinds.

Corollary  B.15 

If $\Gamma \vdash K_1 = K_2$ then $\Gamma \vdash K_1 \leq K_2$ and $\Gamma \vdash K_2 \leq K_1$.

Proposition  B.16 

If $\Gamma \vdash \lambda\alpha{:}K'.A : L$ then $\Gamma, \alpha{:}K' \vdash A : K''$.

Proof: By induction on derivations. For proofs ending with Rule 20 the desired result is given directly; for Rules 27
and 28, the result follows directly by the inductive hypothesis. ■

Lemma  B.17 

1. If $\Gamma \vdash E[A] : L$ then there is a subderivation of the form $\Gamma \vdash A : K$.

2. If $\Gamma \vdash E[A A'] : L$ then there exists a kind $\Pi\alpha{:}K'.K''$ such that $\Gamma \vdash A : \Pi\alpha{:}K'.K''$ and $\Gamma \vdash A' : K'$.

Proof:

1. By induction on typing derivations. If $E = \circ$ then the result follows trivially; otherwise, the result follows by
the inductive hypothesis.

2. By induction on typing derivations. If $E = \circ$ and the proof concludes with a use of the application rule then
the result follows by inversion; in all other cases, the result follows by the inductive hypothesis.

■ 